SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.

Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters.

Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.

Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.

SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.

RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.