Lucene search

A-cart Security Vulnerabilities

cve

CVE-2006-6111

Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by...

8.9AI Score

0.007EPSS

2006-11-26 10:07 PM

cve

CVE-2006-2948

A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password...

7.7AI Score

0.009EPSS

2006-06-12 08:06 PM

cve

CVE-2004-1873

SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode...

8.3AI Score

0.008EPSS

2004-12-31 05:00 AM

cve

CVE-2004-1874

Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information...

6.2AI Score

0.004EPSS

2004-03-29 05:00 AM

cve

CVE-2002-1432

MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the...

7.1AI Score

0.011EPSS

2003-04-11 04:00 AM