ViArt Shop (aka Shopping Cart) 3.5 allows remote malicious users to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
viart viart shop 3.5 |