Description
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
Exploits (1)
exploitdb (WORKING POC, VERIFIED) by Ryan Dewhurst · textwebappsphp
https://www.exploit-db.com/exploits/33146
References (5)
Core References
Exploit, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/35936
Vendor Advisory, Third-Party Advisory (x_refsource_secunia): http://secunia.com/advisories/36112
Third Party Advisory, VDB Entry, Mailing List (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/505492/100/0/threaded
Exploit (x_refsource_misc): http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt
Various Sources (x_refsource_confirm): http://www.cs-cart.com/changelog206.html
Scores
EPSS: 0.0029 (EPSS Percentile: 52.3%)
Details
CWE: CWE-89
Status: published
Products (11)
cs-cart/cs-cart 1.1
cs-cart/cs-cart 1.2
cs-cart/cs-cart 1.3.0
cs-cart/cs-cart 1.3.2 (3 CPE variants)
cs-cart/cs-cart 1.3.3
cs-cart/cs-cart 1.3.5 beta (2 CPE variants)
cs-cart/cs-cart 1.3.5sp2
cs-cart/cs-cart 1.3.5sp3
cs-cart/cs-cart 2.0 (5 CPE variants)
cs-cart/cs-cart 2.0.4
... and 1 more
Published: Aug 05, 2009
Tracked Since: Feb 18, 2026