Client-side encryption vulnerability in 3D3.Com ShopFactory 5.8 allows remote attackers to modify shopping cart prices.

Client-side encryption vulnerability in 3D3.Com ShopFactory 5.8 allows remote attackers to modify shopping cart prices.

CVE-2002-2303 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:C/A:N

3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.

Learn more about our Web Application Penetration Testing UK.