c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might.....
AI Score: 7
EPSS: 0.008
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds...
AI Score: 6.4
EPSS: 0.007
Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL...
AI Score: 7.2
EPSS: 0.02
A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary...
AI Score: 7.7
EPSS: 0.022
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form...
AI Score: 7.1
EPSS: 0.036