cs-cart cs-cart vulnerabilities and exploits
7.5
CVSSv2
CVE-2009-4891
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter in a products.view action.
Cs-cart Cs-cart 2.0
4.3
CVSSv2
CVE-2008-1458
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote malicious users to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
Cs-cart Cs-cart 1.3.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-0230
PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote malicious users to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.
Cs-cart Cs-cart 1.3.3
4.3
CVSSv2
CVE-2021-32202
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page.
Cs-cart Cs-cart 4.11.1
1 Github repository
6.8
CVSSv2
CVE-2015-2701
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote malicious users to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
Cs-cart Cs-cart 4.2.4
1 EDB exploit
5
CVSSv2
CVE-2017-2139
CS-Cart Japanese Edition v4.3.10 and previous versions (excluding v2 and v3) and CS-Cart Multivendor Japanese Edition v4.3.10 and previous versions (excluding v2 and v3) allow remote malicious users to bypass access restriction to obtain customer information via orders.pre.php.
Frogman Office Inc Cs-cart
5
CVSSv2
CVE-2017-2143
CS-Cart Japanese Edition v4.3.10-jp-1 and previous versions and CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and previous versions allow remote malicious users to bypass access restriction to create a request to return a customer purchased item via rma.post.php.
Frogman Office Inc Cs-cart Japanese Edition 4.3.10-jp-1
Frogman Office Inc Cs-cart Multivendor Japanese Edition 4.3.10-jp-1
NA
CVE-2009-25793
CS-Cart versions 2.0.5 and below suffer from a remote SQL injection vulnerability.
NA
CVE-2020-8889
The ShipStation.com plugin 1.0 for CS-Cart allows remote malicious users to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.
Shipstation Shipstation 1.0
NA
CVE-2020-9009
The ShipStation.com plugin 1.1 and previous versions for CS-Cart allows remote malicious users to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.
Shipstation Shipstation