CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 1:2 a.m.•5 views

CVE-2015-9226

Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the 1 checkdownload and possibly 2 checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...

7.2CVSS8.6AI score0.01749EPSS

RedhatCVE•added 2025/05/22 12:36 a.m.•5 views

CVE-2011-3701

AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files...

5CVSS6.5AI score0.00283EPSS

Packet Storm•added 2025/04/24 12:0 a.m.•284 views

📄 AlegroCart 1.2.9 Cross Site Scripting

AlegroCart version 1.2.9 suffers from persistent and reflective cross site scripting vulnerabilities. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Imag...

6.7AI score

Exploits0

Packet Storm•added 2025/04/24 12:0 a.m.•268 views

📄 AlegroCart 1.2.9 Logic Flaw

AlegroCart version 1.2.9 suffers from a business logic flaw that allows for price manipulation. Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Busines...

7AI score

Exploits0

CNVD•added 2017/09/13 12:0 a.m.•1 views

AlegroCart Arbitrary Code Execution Vulnerability

AlegroCart is an open source online business solution from the Canadian ALEGROCART team. AlegroCart version 1.2.8 has a remote file inclusion vulnerability in the 'getfile' function of the upload/admin2/controller/reportlogs.php file, which stems from the program failing to detect the 'filepath'...

7.2CVSS7.4AI score0.0441EPSS

CNVD•added 2017/09/13 12:0 a.m.•2 views

AlegroCart SQL Injection Vulnerability

AlegroCart is an open source online business solution from the Canadian ALEGROCART team. A SQL injection vulnerability exists in AlegroCart version 1.2.8. Remote attackers can use a variety of methods to exploit the vulnerability to execute arbitrary SQL commands. The methods include:...

7.2CVSS7.6AI score0.01749EPSS

NVD•added 2017/09/11 8:29 p.m.•8 views

CVE-2015-9226

7.2CVSS7.6AI score0.01749EPSS

Prion•added 2017/09/11 8:29 p.m.•11 views

Sql injection

6.5CVSS8.8AI score0.01749EPSS

NVD•added 2017/09/11 8:29 p.m.•9 views

CVE-2015-9227

7.2CVSS7.3AI score0.0441EPSS

Prion•added 2017/09/11 8:29 p.m.•16 views

Remote file inclusion

6.5CVSS8AI score0.0441EPSS

Cvelist•added 2017/09/11 8:0 p.m.•14 views

CVE-2015-9227

7.3AI score0.0441EPSS

CVE•added 2017/09/11 8:0 p.m.•43 views

CVE-2015-9227

CVE-2015-9227 affects AlegroCart 1.2.8. The get_file function in upload/admin2/controller/report_logs.php is vulnerable to remote file inclusion, allowing an attacker to execute arbitrary PHP code via a URL provided in the file_path parameter. Public references (e.g., Exploit-DB) document exploit...

7.2CVSS7.3AI score0.0441EPSS

CVE•added 2017/09/11 8:0 p.m.•44 views

CVE-2015-9226

AlegroCart 1.2.8 is affected by multiple SQL injection vulnerabilities. Remote administrators can execute arbitrary SQL via the download parameter (check_download and possibly check_filename in upload/admin2/model/products/model_admin_download.php) or via the ref parameter in the orderUpdate func...

7.2CVSS7.5AI score0.01749EPSS

Cvelist•added 2017/09/11 8:0 p.m.•15 views

CVE-2015-9226

7.6AI score0.01749EPSS