Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
remote cart remote cart vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2006-0697
Zen Cart prior to 1.2.7 does not protect the admin/includes directory, which allows remote malicious users to cause unknown impact via unspecified vectors, probably direct requests.
Zen-cart Zen Cart
Zen-cart Zen Cart 1.2.5d
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.2.3d
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.2.1
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart 1.1.3
Zen-cart Zen Cart 1.1.0
Zen-cart Zen Cart 1.2.4.1
Zen-cart Zen Cart 1.2.2d
6.5
CVSSv2
CVE-2009-2579
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart prior to 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability th...
Cs-cart Cs-cart 1.3.2
Cs-cart Cs-cart 2.0
Cs-cart Cs-cart 1.2
Cs-cart Cs-cart 1.1
Cs-cart Cs-cart 2.0.4
Cs-cart Cs-cart 1.3.5
Cs-cart Cs-cart 1.3.0
Cs-cart Cs-cart 1.3.3
Cs-cart Cs-cart
Cs-cart Cs-cart 1.3.5sp3
Cs-cart Cs-cart 1.3.5sp2
1 EDB exploit
7.5
CVSSv2
CVE-2006-4218
Directory traversal vulnerability in Zen Cart 1.3.0.2 and previous versions allows remote malicious users to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter.
Zen Cart Zen Cart 1.2.4.1
Zen Cart Zen Cart 1.2.4d
Zen Cart Zen Cart 1.2.0d
Zen Cart Zen Cart 1.2.5d
Zen Cart Zen Cart 1.2.6d
Zen Cart Zen Cart 1.2.1 Patch1
Zen Cart Zen Cart 1.2.1d
Zen Cart Zen Cart 1.3.0.2
Zen Cart Zen Cart 1.2.2d
Zen Cart Zen Cart 1.2.3d
7.5
CVSSv2
CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8, and previous versions does not require administrative authentication for admin/sqlpatch.php, which allows remote malicious users to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of passw...
Zen-cart Zen Cart 1.3.6
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.1.3
Zen-cart Zen Cart 1.1.0
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart 1.3.7
Zen-cart Zen Cart
Zen-cart Zen Cart 1.3.8
1 EDB exploit
6.8
CVSSv2
CVE-2008-6986
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 up to and including 1.3.8a, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the products_id array pa...
Zen-cart Zen Cart 1.3.2
Zen-cart Zen Cart 1.3
Zen-cart Zen Cart 1.3.8
Zen-cart Zen Cart 1.3.8a
Zen-cart Zen Cart 1.3.7
Zen-cart Zen Cart 1.3.6
Zen-cart Zen Cart 1.3.5
Zen-cart Zen Cart 1.3.0.2
7.5
CVSSv2
CVE-2008-6394
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
Cs-cart Cs-cart 1.3.2
Cs-cart Cs-cart 1.3.3
Cs-cart Cs-cart 1.2
Cs-cart Cs-cart 1.1
Cs-cart Cs-cart 1.3.0
Cs-cart Cs-cart
1 EDB exploit
4.3
CVSSv2
CVE-2015-0882
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp up to and including 1.3.0.2 jp8 and 1.5 ja up to and including 1.5.1 ja allow remote malicious users to inject arbitrary web script or HTML via a crafted parameter, related to...
Zen-cart Zen Cart 1.5.0
Zen-cart Zen Cart 1.3.0.0
Zen-cart Zen Cart 1.3.0.1
Zen-cart Zen Cart 1.3.0.2
Zen-cart Zen Cart 1.5.1
5
CVSSv2
CVE-2013-0118
CS-Cart prior to 3.0.6, when PayPal Standard Payments is configured, allows remote malicious users to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
Cs-cart Cs-cart 3.0.2
Cs-cart Cs-cart 3.0
Cs-cart Cs-cart 3.0.3
Cs-cart Cs-cart 3.0.4
Cs-cart Cs-cart
6.8
CVSSv2
CVE-2006-6868
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart prior to 1.3.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Zen Cart Web Shopping Cart 1.2.6d
Zen Cart Web Shopping Cart 1.2.7
Zen Cart Web Shopping Cart 1.3.5
Zen Cart Web Shopping Cart 1.3
Zen Cart Web Shopping Cart 1.3.2
Zen Cart Web Shopping Cart 1.1.2d
7.5
CVSSv2
CVE-2005-1289
index.cgi in E-Cart 2004 1.1 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
E-cart E-cart 2004 1.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »