|
|
CVE Reference: CVE-2005-2220 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-2220 |
|
|
Description: ** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem. |
|
|
CVE Status: Candidate |
|
|
References: ST 1014451 MISC http://www.digitalparadox.org/viewadvisories.ah?view=46 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=112121930328341&w=2 |
|
| Return to the previous page. |
