3 matches found
CVE-2007-5136
CVE-2007-5136 is an XSS vulnerability affecting DFD Cart 1.1.4 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, with a CVSS v2 base score of 4.3 (Medium) and impacts including partial integrity but no confidentiality or availability im...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the setdepth parameter to 1 app.lib/product.control/core.php/product.control.config.php, or 2 customer.browse.list.p...
CVE-2007-5098
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the setdepth parameter to 1 app.lib/product.control/core.php/product.control.config.php, or 2 customer.browse.list.p...