Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CS-Cart 'reward_points.post.php' SQL注入漏洞
Vulnerability Description
CS-Cart 2.0.6之前的版本中Reward指针插件的reward_points.post.php脚本中存在SQL注入漏洞。远程攻击者可以通过脚本index.php中的reward_points.userlog操作绕过用户认证,执行任意的SQL命令。该漏洞不同于CVE-2005-4429.2漏洞。
CVSS Information
N/A
Vulnerability Type
N/A