Lucene search
K

91 matches found

CVE
CVE
added 2008/04/21 11:0 p.m.42 views

CVE-2008-1907

CVE-2008-1907 describes multiple SQL injection vulnerabilities in cpCommerce 1.1.0, specifically in functions/display_page.func.php. The attacker can remotely execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components, indi...

7.5CVSS8.4AI score0.00997EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2008/04/14 12:0 a.m.31 views

cpcommerce-xsslfi.txt

www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be affected Exploitation: Remote with browser Fix: N/A Original...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/04/13 12:0 a.m.17 views

CPCommerce 1.1.0 - Cross-Site Scripting Local File Inclusion

CPCommerce 1.1.0 - Cross-Site Scripting Local File Inclusion www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2008/04/13 12:0 a.m.15 views

cpCommerce 1.1.0 (XSS/LFI) Multiple Remote Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be affected Exploitation: Remote...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/04/13 12:0 a.m.19 views

cpCommerce 1.1.0 (XSS/LFI) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== cpCommerce 1.1.0 XSS/LFI Multiple Remote Vulnerabilities ========================================================== AmnPardaz Security Research Team Title: cpCommerce Multiple...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/04/13 12:0 a.m.43 views

CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion

www.BugReport.ir AmnPardaz Security Research Team Title: cpCommerce Multiple Vulnerabilities Vendor: http://cpcommerce.cpradio.org Bugs: XSS, SQL Injection , Local File Inclusion Vulnerable Version: 1.1.0 prior versions also may be affected Exploitation: Remote with browser Fix: N/A Original...

7AI score
Exploits0
CVE
CVE
added 2007/10/25 7:0 p.m.49 views

CVE-2003-1500

CVE-2003-1500 : PHP remote file inclusion in cpCommerce 0.5f’s _functions.php allows remote attackers to execute arbitrary code via the prefix parameter. The vulnerability is caused by insufficient validation in the function handling the prefix, enabling RFI and potential code execution. Public r...

6.8CVSS9.8AI score0.02786EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/10/25 7:0 p.m.21 views

CVE-2003-1500

PHP remote file inclusion vulnerability in functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter...

9.8AI score0.02786EPSS
Exploits0References6
Prion
Prion
added 2007/06/01 1:30 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter Full Name field...

4.3CVSS6.2AI score0.01224EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2007/06/01 1:30 a.m.14 views

CVE-2007-2968

Cross-site scripting XSS vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter Full Name field...

4.3CVSS5.7AI score0.01224EPSS
Exploits0References6
CVE
CVE
added 2007/06/01 1:0 a.m.37 views

CVE-2007-2968

cpCommerce 1.1.0 and earlier contains an XSS vulnerability in register.php via the name field (Full Name). Remote attackers can inject arbitrary web script/HTML. Affected component: register.php in cpCommerce 1.1.0 and earlier. No remediation details are provided in the supplied documents. Exploi...

4.3CVSS5.7AI score0.01224EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/06/01 1:0 a.m.19 views

CVE-2007-2968

Cross-site scripting XSS vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter Full Name field...

5.7AI score0.01224EPSS
Exploits0References6
seebug.org
seebug.org
added 2007/06/01 12:0 a.m.17 views

CPCommerce Manufacturer.PHP SQL注入漏洞

CPCommerce是一款基于PHP的WEB应用程序。 CPCommerce不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'Manufacturer.PHP'脚本对用户提交的'idmanufacturer'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 cpCommerce cpCommerce 1.1 目前没有解决方案提供: http://cpcommerce.cpradio.org/...

7.1AI score
Exploits0
Prion
Prion
added 2007/05/31 11:30 p.m.15 views

Sql injection

SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the idmanufacturer parameter...

7.5CVSS8.8AI score0.01187EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2007/05/31 11:30 p.m.19 views

CVE-2007-2959

SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the idmanufacturer parameter...

7.5CVSS8.2AI score0.01187EPSS
Exploits1References5
Cvelist
Cvelist
added 2007/05/31 11:0 p.m.24 views

CVE-2007-2959

SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the idmanufacturer parameter...

8.2AI score0.01187EPSS
Exploits1References5
CVE
CVE
added 2007/05/31 11:0 p.m.40 views

CVE-2007-2959

CVE-2007-2959 affects cpCommerce before 1.1.0. The vulnerability is an SQL injection in manufacturer.php exploitable via the id_manufacturer parameter, allowing remote attackers to execute arbitrary SQL. The NVD entry lists a high impact (base score 7.5) with network access and no authentication ...

7.5CVSS8.3AI score0.01187EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2007/05/30 1:30 a.m.11 views

Sql injection

SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idcategory parameter...

7.5CVSS8.8AI score0.01195EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2007/05/30 1:30 a.m.19 views

CVE-2007-2890

SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idcategory parameter...

7.5CVSS8.2AI score0.01195EPSS
Exploits1References6
Cvelist
Cvelist
added 2007/05/30 1:0 a.m.25 views

CVE-2007-2890

SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idcategory parameter...

8.2AI score0.01195EPSS
Exploits1References6
Rows per page
Query Builder