Vulmon
remote cart remote cart vulnerabilities and exploits
8.1
CVSSv3
CVE-2023-43148
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote malicious user to delete all accounts.
Spa-cart Spa-cart 1.9.0.3
8.8
CVSSv3
CVE-2023-43149
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote malicious user to add an admin user with role status.
Spa-cart Spa-cart 1.9.0.3
NA
CVE-2005-4429
SQL injection vulnerability in CS-Cart 1.3.0 allows remote malicious users to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
Cs-cart Cs-cart 1.3.0
1 EDB exploit
NA
CVE-2004-2025
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote malicious users to execute arbitrary SQL commands via the products_id parameter.
Zen Cart Zen Cart 1.1.3
NA
CVE-2006-2827
SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote malicious users to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description"...
Qualiteam X-cart 4.1.0 Beta 1
Qualiteam X-cart Gold 4.0.18
Qualiteam X-cart Pro 4.0.18
NA
CVE-2009-4891
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter in a products.view action.
Cs-cart Cs-cart 2.0
NA
CVE-2015-2701
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote malicious users to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
Cs-cart Cs-cart 4.2.4
1 EDB exploit
9.8
CVSSv3
CVE-2015-8352
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Zen-cart Zen Cart 1.5.4
1 EDB exploit
NA
CVE-2009-1447
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
E-cart Free Shopping Cart
1 EDB exploit
NA
CVE-2006-5119
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.ph...
Zen Cart Zen Cart 1.3.5