Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2014-3868

Disclosure Date: January 31, 2020 (last updated February 21, 2025)
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-2182

Disclosure Date: March 11, 2015 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.
0
0
Attacker Value
Unknown

CVE-2015-2184

Disclosure Date: March 10, 2015 (last updated October 05, 2023)
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.
0
0
Attacker Value
Unknown

CVE-2015-2183

Disclosure Date: March 10, 2015 (last updated October 05, 2023)
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/.
0
0