Lucene search
HistoryOct 20, 2014 - 4:55 p.m.
CVE-2014-3978
cve-2014-3978
tomatocart
sql injection
vulnerability
remote authenticated users
arbitrary sql commands
address book contact
nvd
7.7 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
41.0%
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tomatocart:tomatocart | tomatocart | eq | 1.1.8.6.1 |
Related
seebug
seebug
TomatoCart 1.x - SQL Injection Vulnerability
2014-08-20 00:00:00
prion
prion
Sql injection
2014-10-20 16:55:00
exploitpack
exploitpack
TomatoCart 1.x - SQL Injection
2014-08-09 00:00:00
dsquare
dsquare
TomatoCart 1.1.8 SQL Injection
2014-09-20 00:00:00
zdt
zdt
TomatoCart 1.x - SQL Injection Vulnerability
2014-08-14 00:00:00
exploitdb
exploitdb
TomatoCart 1.x - SQL Injection
2014-08-09 00:00:00
packetstorm
packetstorm
TomatoCart 1.x Cross Site Scripting / SQL Injection
2014-08-06 00:00:00
securityvulns
securityvulns
TomatoCart v1.x (latest-stable) Multiple Vulnerabilities
2014-08-26 00:00:00
openvas
openvas
TomatoCart SQL Injection and Cross Site Scripting Vulnerabilities
2014-10-28 00:00:00
7.7 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
41.0%
Related for CVE-2014-3978