Show filters
15 Total Results
Displaying 11-15 of 15
Sort by:
Attacker Value
Unknown
CVE-2005-1822
Disclosure Date: June 01, 2005 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
0
Attacker Value
Unknown
CVE-2005-1823
Disclosure Date: June 01, 2005 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
0
Attacker Value
Unknown
CVE-2004-0241
Disclosure Date: November 23, 2004 (last updated February 22, 2025)
X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
0
Attacker Value
Unknown
CVE-2004-0242
Disclosure Date: November 23, 2004 (last updated February 22, 2025)
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
0
Attacker Value
Unknown
CVE-2004-0240
Disclosure Date: November 23, 2004 (last updated February 22, 2025)
Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
0
