SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-8...

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection Vulnerability

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...

SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-89 - CWE-74 -...

CVE-2023-4548

A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filterbrandid leads to sql injection. It is possible to initiate the attack remotely...

Sql injection

A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filterbrandid leads to sql injection. It is possible to initiate the attack remotely...

CVE-2023-4548

CVE-2023-4548 affects SPA-Cart eCommerce CMS v1.9.0.3. A SQL injection flaw exists in the GET Parameter Handler’s GET parameter “filter[brandid]” within the /search endpoint, allowing remote abuse. Exploitation is demonstrated in public advisories and exploit listings (e.g., Exploit-DB, PacketSto...

CVE-2023-4547

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

Cross site scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

CVE-2023-4547

SPA-Cart eCommerce CMS 1.9.0.3 is affected by a cross-site scripting vulnerability in the /search endpoint. The issue stems from unsanitized input in the parameters filter[brandid] and filter[price] , which can be exploited remotely to inject script. Mitigation: upgrade to a version newer than 1....

CVE-2023-4547 SPA-Cart eCommerce CMS search cross site scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

SPA-Cart eCommerce CMS SQL注入漏洞

SPA-Cart eCommerce CMS is a CMS system from SPA-Cart. A SQL injection vulnerability exists in SPA-Cart eCommerce CMS version 1.9.0.3, which stems from the parameter filterbrandid in the file /search that can lead to sql injection...