12 matches found
EUVD-2008-1462
Malware in sbrugna...
EUVD-2017-2526
Malware in sbrugna...
CVE-2025-50847
Cross Site Request Forgery CSRF vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...
CVE-2025-50849
CS Cart 4.18.3 is affected by CVE-2025-50849: an Insecure Direct Object Reference (IDOR) in the user profile function via the company_id parameter allows an authenticated user to alter another user’s sticker setting due to insufficient server-side validation. Root cause: improper validation of ob...
CVE-2020-9009
The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...
CVE-2013-7317
Multiple cross-site scripting XSS vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 settingsfile or 2 datafile parameter to a ampie.swf, b amline.swf, or c amcolumn.swf...
CVE-2013-0118
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...
CS-Cart 安全漏洞
CS-Cart is an e-commerce platform from CS-Cart Inc. A security vulnerability exists in CS-Cart version 4.16.1. An attacker exploited the vulnerability to change arbitrary user account profiles via a specially crafted request...
CVE-2020-9009
The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...
CVE-2020-8889
The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...
CS Cart 4.6.2 Shell Upload
Summary CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server. This has been allcoated CVE-2017-15673 Vendor of Product...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/...