Vulmon
cpcommerce cpcommerce vulnerabilities and exploits
9.8
CVSSv3
CVE-2009-1936
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote malicious users to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PH...
Cpcommerce Project Cpcommerce
1 EDB exploit
NA
CVE-2009-1345
SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote malicious users to execute arbitrary SQL commands via the id_document parameter.
Cpcommerce Cpcommerce 1.2.8
1 EDB exploit
NA
CVE-2008-4121
Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce prior to 1.2.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofr...
Cpcommerce Cpcommerce 0.5f
Cpcommerce Cpcommerce 1.0.6
Cpcommerce Cpcommerce 1.1.0
Cpcommerce Cpcommerce 1.2.0
Cpcommerce Cpcommerce 1.0.7.4
Cpcommerce Cpcommerce 1.0.5
Cpcommerce Cpcommerce 1.0.5.1
Cpcommerce Cpcommerce
Cpcommerce Cpcommerce 1.0.7.3
Cpcommerce Cpcommerce 1.0.7
Cpcommerce Cpcommerce 1.0.9
Cpcommerce Cpcommerce 1.0.8
Cpcommerce Cpcommerce 1.0.9a
Cpcommerce Cpcommerce 1.0.7.2
Cpcommerce Cpcommerce 1.0.7.1
Cpcommerce Cpcommerce 1.2.1
Cpcommerce Cpcommerce 1.2.2
NA
CVE-2008-4637
Cross-site scripting (XSS) vulnerability in cpCommerce prior to 1.2.4 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.
Cpcommerce Cpcommerce 1.0.7.4
Cpcommerce Cpcommerce 1.0.7.1
Cpcommerce Cpcommerce 1.1.0
Cpcommerce Cpcommerce
Cpcommerce Cpcommerce 1.0.8
Cpcommerce Cpcommerce 1.0.7
Cpcommerce Cpcommerce 0.5f
Cpcommerce Cpcommerce 1.2.1
Cpcommerce Cpcommerce 1.0.5
Cpcommerce Cpcommerce 1.0.7.3
Cpcommerce Cpcommerce 1.0.9
Cpcommerce Cpcommerce 1.0.9a
Cpcommerce Cpcommerce 1.2.0
Cpcommerce Cpcommerce 1.0.6
Cpcommerce Cpcommerce 1.0.7.2
Cpcommerce Cpcommerce 1.2.2
Cpcommerce Cpcommerce 1.0.5.1
NA
CVE-2008-1906
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in a view.year action.
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
NA
CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably ...
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
NA
CVE-2008-1908
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.a...
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
NA
CVE-2007-2968
Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the name parameter (Full Name field).
Cpcommerce Cpcommerce
NA
CVE-2007-2959
SQL injection vulnerability in manufacturer.php in cpCommerce prior to 1.1.0 allows remote malicious users to execute arbitrary SQL commands via the id_manufacturer parameter.
Cpcommerce Cpcommerce 1.0.7.1
Cpcommerce Cpcommerce 1.0.6
Cpcommerce Cpcommerce 1.0.7
Cpcommerce Cpcommerce 1.0.9a
Cpcommerce Cpcommerce 1.0.5.1
Cpcommerce Cpcommerce 1.0.8
Cpcommerce Cpcommerce 1.0.9
Cpcommerce Cpcommerce 1.0.7.2
Cpcommerce Cpcommerce 1.0.7.3
Cpcommerce Cpcommerce 1.0.7.4
1 EDB exploit
NA
CVE-2007-2890
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id_category parameter.
Cpcommerce Cpcommerce
1 EDB exploit