cs-cart cs-cart vulnerabilities and exploits
NA
CVE-2005-4429
SQL injection vulnerability in CS-Cart 1.3.0 allows remote malicious users to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
Cs-cart Cs-cart 1.3.0
1 EDB exploit
NA
CVE-2007-0230
PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote malicious users to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.
Cs-cart Cs-cart 1.3.3
6.1
CVSSv3
CVE-2021-32202
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page.
Cs-cart Cs-cart 4.11.1
1 Github repository
NA
CVE-2015-2701
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote malicious users to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
Cs-cart Cs-cart 4.2.4
1 EDB exploit
NA
CVE-2009-4891
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter in a products.view action.
Cs-cart Cs-cart 2.0
5.3
CVSSv3
CVE-2017-2139
CS-Cart Japanese Edition v4.3.10 and previous versions (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and previous versions (excluding v2 and v3) allows remote malicious users to bypass access restriction to obtain customer information via orders.pre.php.
Frogman Office Inc Cs-cart
5.3
CVSSv3
CVE-2017-2143
CS-Cart Japanese Edition v4.3.10-jp-1 and previous versions, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and previous versions allows remote malicious users to bypass access restriction to create a request to return a customer purchased item via rma.post.php.
Frogman Office Inc Cs-cart Multivendor Japanese Edition 4.3.10-jp-1
Frogman Office Inc Cs-cart Japanese Edition 4.3.10-jp-1
NA
CVE-2009-25793
CS-Cart versions 2.0.5 and below suffer from a remote SQL injection vulnerability.
7.5
CVSSv3
CVE-2020-8889
The ShipStation.com plugin 1.0 for CS-Cart allows remote malicious users to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.
Shipstation Shipstation 1.0
3.7
CVSSv3
CVE-2020-9009
The ShipStation.com plugin 1.1 and previous versions for CS-Cart allows remote malicious users to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.
Shipstation Shipstation