remote cart vulnerabilities and exploits
7.5
CVSSv2
CVE-2006-4214
Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION;...
Zen Cart Zen Cart
5
CVSSv2
CVE-2006-5246
Eazy Cart allows remote malicious users to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information.
Eazy Cart Eazy Cart
6.5
CVSSv2
CVE-2016-4862
Twigmo bundled with CS-Cart 4.3.9 and previous versions and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and previous versions allow remote authenticated users to execute arbitrary PHP code on the servers.
Cs-cart Cs-cart
9
CVSSv2
CVE-2017-15673
The files function in the administration section in CS-Cart 4.6.2 and previous versions allows malicious users to execute arbitrary PHP code via vectors involving a custom page.
Cs-cart Cs-cart
1 Github repository
6.8
CVSSv2
CVE-2006-5247
Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote malicious users to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details ar...
Eazy Cart Eazy Cart
7.5
CVSSv2
CVE-2009-4323
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote malicious users to obtain sensitive information, delete the database, and conduct other attacks vi...
Zen-cart Zen Cart
2.6
CVSSv2
CVE-2005-3997
Zen Cart 1.2.6d and previous versions, under certain PHP configurations, allows remote malicious users to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/ba...
Zen Cart Zen Cart
7.5
CVSSv2
CVE-2007-2559
Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote malicious users to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php.
American Cart American Cart 3.5
7.5
CVSSv2
CVE-2007-2070
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart prior to 3.5.1 allow remote malicious users to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.
Turnkey Web Tools Sunshop Shopping Cart 3.5
Turnkey Web Tools Sunshop Shopping Cart
1 EDB exploit
7.5
CVSSv2
CVE-2007-0230
PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote malicious users to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.
Cs-cart Cs-cart 1.3.3