Description
phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/25548
References (7)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495806/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44766
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13406
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15147
Exploit x_refsource_misc
http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30887
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15859
Scores
EPSS: 0.1125
EPSS Percentile: 93.5%
Details
CWE: CWE-20
Status: published
Products (3)
phpcart/phpcart 3.2
phpcart/phpcart 3.4
phpcart/phpcart 4.6.4
Published: May 03, 2005
Tracked Since: Feb 18, 2026