91 matches found
CVE-2008-1907
CVE-2008-1907 describes multiple SQL injection vulnerabilities in cpCommerce 1.1.0, specifically in functions/display_page.func.php. The attacker can remotely execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components, indi...
cpcommerce-xsslfi.txt
www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be affected Exploitation: Remote with browser Fix: N/A Original...
CPCommerce 1.1.0 - Cross-Site Scripting Local File Inclusion
CPCommerce 1.1.0 - Cross-Site Scripting Local File Inclusion www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be...
cpCommerce 1.1.0 (XSS/LFI) Multiple Remote Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be affected Exploitation: Remote...
cpCommerce 1.1.0 (XSS/LFI) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ========================================================== cpCommerce 1.1.0 XSS/LFI Multiple Remote Vulnerabilities ========================================================== AmnPardaz Security Research Team Title: cpCommerce Multiple...
CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion
www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be affected Exploitation: Remote with browser Fix: N/A Original...
CVE-2003-1500
CVE-2003-1500 : PHP remote file inclusion in cpCommerce 0.5f’s _functions.php allows remote attackers to execute arbitrary code via the prefix parameter. The vulnerability is caused by insufficient validation in the function handling the prefix, enabling RFI and potential code execution. Public r...
CVE-2003-1500
PHP remote file inclusion vulnerability in functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter Full Name field...
CVE-2007-2968
Cross-site scripting XSS vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter Full Name field...
CVE-2007-2968
cpCommerce 1.1.0 and earlier contains an XSS vulnerability in register.php via the name field (Full Name). Remote attackers can inject arbitrary web script/HTML. Affected component: register.php in cpCommerce 1.1.0 and earlier. No remediation details are provided in the supplied documents. Exploi...
CVE-2007-2968
Cross-site scripting XSS vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter Full Name field...
CPCommerce Manufacturer.PHP SQL注入漏洞
CPCommerce是一款基于PHP的WEB应用程序。 CPCommerce不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'Manufacturer.PHP'脚本对用户提交的'idmanufacturer'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 cpCommerce cpCommerce 1.1 目前没有解决方案提供: http://cpcommerce.cpradio.org/...
Sql injection
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the idmanufacturer parameter...
CVE-2007-2959
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the idmanufacturer parameter...
CVE-2007-2959
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the idmanufacturer parameter...
CVE-2007-2959
CVE-2007-2959 affects cpCommerce before 1.1.0. The vulnerability is an SQL injection in manufacturer.php exploitable via the id_manufacturer parameter, allowing remote attackers to execute arbitrary SQL. The NVD entry lists a high impact (base score 7.5) with network access and no authentication ...
Sql injection
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idcategory parameter...
CVE-2007-2890
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idcategory parameter...
CVE-2007-2890
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idcategory parameter...