13 matches found
EUVD-2015-9079
Malware in sbrugna...
CVE-2015-9226
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the 1 checkdownload and possibly 2 checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
CVE-2015-9227
PHP remote file inclusion vulnerability in the getfile function in upload/admin2/controller/reportlogs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the filepath parameter to upload/admin2...
Sql injection
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the 1 checkdownload and possibly 2 checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
Remote file inclusion
PHP remote file inclusion vulnerability in the getfile function in upload/admin2/controller/reportlogs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the filepath parameter to upload/admin2...
CVE-2015-9227
PHP remote file inclusion vulnerability in the getfile function in upload/admin2/controller/reportlogs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the filepath parameter to upload/admin2...
CVE-2015-9227
CVE-2015-9227 affects AlegroCart 1.2.8. The get_file function in upload/admin2/controller/report_logs.php is vulnerable to remote file inclusion, allowing an attacker to execute arbitrary PHP code via a URL provided in the file_path parameter. Public references (e.g., Exploit-DB) document exploit...
AlegroCart 1.2.8 - LFI/RFI Vulnerability
Exploit for php platform in category web applications 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type: LFI/RFI Remote Exploitable: Yes...
AlegroCart 1.2.8 - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Y...
AlegroCart 1.2.8 SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported ...
AlegroCart 1.2.8 - LocalRemote File Inclusion
AlegroCart 1.2.8 - LocalRemote File Inclusion Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type:...
AlegroCart 1.2.8 Local / Remote File Inclusion
Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type: LFI/RFI Remote Exploitable: Yes Reported to...
AlegroCart 1.2.8 - Local/Remote File Inclusion
Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type: LFI/RFI Remote Exploitable: Yes Reported to...