Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
remote cart remote cart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43149
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote malicious user to add an admin user with role status.
Spa-cart Spa-cart 1.9.0.3
668
VMScore
CVE-2004-2025
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote malicious users to execute arbitrary SQL commands via the products_id parameter.
Zen Cart Zen Cart 1.1.3
755
VMScore
CVE-2005-4429
SQL injection vulnerability in CS-Cart 1.3.0 allows remote malicious users to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
Cs-cart Cs-cart 1.3.0
1 EDB exploit
668
VMScore
CVE-2009-4891
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter in a products.view action.
Cs-cart Cs-cart 2.0
685
VMScore
CVE-2015-2701
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote malicious users to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
Cs-cart Cs-cart 4.2.4
1 EDB exploit
1000
VMScore
CVE-2015-8352
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Zen-cart Zen Cart 1.5.4
1 EDB exploit
685
VMScore
CVE-2009-1447
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
E-cart Free Shopping Cart
1 EDB exploit
356
VMScore
CVE-2006-5119
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.ph...
Zen Cart Zen Cart 1.3.5
435
VMScore
CVE-2008-1458
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote malicious users to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
Cs-cart Cs-cart 1.3.2
1 EDB exploit
755
VMScore
CVE-2008-6615
SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote malicious users to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solel...
Zen-cart Zen Cart 2008
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »