CVE-2005-1398 Information

Description

phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected.

Reference

http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.html http://secunia.com/advisories/15147 http://www.osvdb.org/15859 http://www.securityfocus.com/archive/1/495806/100/0/threaded http://www.securityfocus.com/bid/13406 http://www.securityfocus.com/bid/30887 https://exchange.xforce.ibmcloud.com/vulnerabilities/44766