91 matches found
CVE-2007-2890
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idcategory parameter...
cpcommerce < v1.1.0 [sql injection]
vendor site:http://cpcommerce.cpradio.org/ product:cpcommerce v1.1.0 bug: sql injection risk : high note:works regardless of php.ini settings . http://127.0.0.1/cpcommerce/manufacturer.php?idmanufacturer=-9//union//select//pass,LOADFILE0x2F6574632F706173737764,0//from//cpAccounts/ //result:...
cpcommerce-sql.txt
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15...
CPCommerce 1.1 - manufacturer.php SQL Injection
CPCommerce 1.1 - manufacturer.php SQL Injection source: https://www.securityfocus.com/bid/24223/info cpCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
CPCommerce 1.1 - 'manufacturer.php' SQL Injection
source: https://www.securityfocus.com/bid/24223/info cpCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Vulnerability - cpCommerce - XSS
cpcommerce is a FOSS php-based e-commerce shopping cart web application. Exploit: Javascript placed inside a user's "Full Name:" field will not be stripped - it will be added to the database 'as-is' as long as it has no quotations in the string. When the admin goes to the clients view page, the...
cpCommerce <= 1.1.0 (category.php id_category) SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== cpCommerce 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$str...
CVE-2003-1500
PHP remote file inclusion vulnerability in functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter...
PT-2003-2445 · Cpcommerce · Cpcommerce
Name of the Vulnerable Software and Affected Versions: cpCommerce version 0.5f Description: The issue allows remote attackers to execute arbitrary code via the prefix parameter in the functions.php file. This is a result of a remote file inclusion vulnerability. Recommendations: For cpCommerce...
cpCommerce.exp.txt
ZH2003-31SA security advisory: file inclusion vulnerability in cpCommerce Published: 19 October 2003 Name: cpCommerce Affected Versions: 0.05f and other versions? Vendor: http://www.cpcommerce.org Issue: file inclusion vulnerability Author: Astharot at Zone-H.org Description Zone-H Security Team...
ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce
ZH2003-31SA security advisory: file inclusion vulnerability in cpCommerce Published: 19 October 2003 Name: cpCommerce Affected Versions: 0.05f and other versions? Vendor: http://www.cpcommerce.org Issue: file inclusion vulnerability Author: Astharot at Zone-H.org Description Zone-H Security Team...