Vulmon
cs-cart cs-cart vulnerabilities and exploits
801
VMScore
CVE-2017-15673
The files function in the administration section in CS-Cart 4.6.2 and previous versions allows malicious users to execute arbitrary PHP code via vectors involving a custom page.
Cs-cart Cs-cart
1 Github repository
755
VMScore
CVE-2008-6394
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
Cs-cart Cs-cart 1.3.2
Cs-cart Cs-cart 1.3.3
Cs-cart Cs-cart 1.2
Cs-cart Cs-cart 1.1
Cs-cart Cs-cart 1.3.0
Cs-cart Cs-cart
1 EDB exploit
755
VMScore
CVE-2005-4429
SQL injection vulnerability in CS-Cart 1.3.0 allows remote malicious users to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
Cs-cart Cs-cart 1.3.0
1 EDB exploit
685
VMScore
CVE-2015-2701
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote malicious users to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
Cs-cart Cs-cart 4.2.4
1 EDB exploit
668
VMScore
CVE-2009-4891
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter in a products.view action.
Cs-cart Cs-cart 2.0
668
VMScore
CVE-2007-0230
PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote malicious users to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.
Cs-cart Cs-cart 1.3.3
655
VMScore
CVE-2009-2579
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart prior to 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability th...
Cs-cart Cs-cart 1.3.2
Cs-cart Cs-cart 2.0
Cs-cart Cs-cart 1.2
Cs-cart Cs-cart 1.1
Cs-cart Cs-cart 2.0.4
Cs-cart Cs-cart 1.3.5
Cs-cart Cs-cart 1.3.0
Cs-cart Cs-cart 1.3.3
Cs-cart Cs-cart
Cs-cart Cs-cart 1.3.5sp3
Cs-cart Cs-cart 1.3.5sp2
1 EDB exploit
605
VMScore
CVE-2017-2138
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and previous versions (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and previous versions (excluding v2 and v3) allows remote malicious users to hijack the authentication of ...
Cs-cart Cs-cart Multivendor
Cs-cart Cs-cart
578
VMScore
CVE-2016-4862
Twigmo bundled with CS-Cart 4.3.9 and previous versions and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and previous versions allow remote authenticated users to execute arbitrary PHP code on the servers.
Cs-cart Cs-cart
515
VMScore
CVE-2006-2863
PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote malicious users to execute arbitrary PHP code via a URL in the classes_dir parameter.
Cs-cart Cs-cart 1.3.0
Cs-cart Cs-cart
1 EDB exploit