17 matches found
CVE-2020-12101
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address...
PT-2020-13033 · Xt · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 5.1 through 6.2.2 Description: The issue allows remote authenticated users to manipulate the id field in the POST request for altering an address, enabling them to zero out other users' stored addresses. Recommendations:...
XT-Commerce 1.0 Beta 1 => Pass / Creat and Download Backup Vulnerability
No description provided by source...
PT-2011-5166 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 SP2.1 and earlier Description: The issue allows remote attackers to hijack the authentication of admins for specific requests. This can be achieved through cross-site request forgery (CSRF) vulnerabilities. The...
CVE-2010-4954
SQL injection vulnerability in productreviewsinfo.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the productsid parameter...
XT-Commerce Version 3.0.4 SQL Injection Exploit
Exploit for php platform in category web applications =============================================== XT-Commerce Version 3.0.4 SQL Injection Exploit =============================================== ?php print"\n"; print" Exploit coded by 5ev3n \n"; print" \n"; print" Exploit for XT-Commerce Versi...
XT-Commerce 3.0.4 SQL Injection
?php print"\n"; print" Exploit coded by 5ev3n \n"; print" \n"; print" Exploit for XT-Commerce Version 3.0.4 \n"; print" \n"; print" usage: \n"; print" php -f exploit.php http://site.de/ \n"; print" \n"; print" greetz to NEAVORC & http://core.am \n"; print"\n\n"; $checkvuln =...
XT-Commerce v1 Beta 1 permission to bypass the Modify download backup vulnerability-vulnerability warning-the black bar safety net
Premiere: the Red section of the network security Author: Amxking Submitted to: indoushka Vulnerability program: XT-Commerce v1 Beta 1 Affected version: v1 Beta 1 Risk level: medium Vulnerability description: Amxking:the vulnerability is I and the foreign Avengers team communication time obtained...
XT-Commerce 1.0 Beta 1 - Pass Create and Download Backup
XT-Commerce 1.0 Beta 1 - Pass Create and Download Backup ======================================================================================== | Title : XT-Commerce v1 Beta 1 = by Pass / Creat and Download Backup Vulnerability | Author : indoushka | email : [email protected] | Dork : Power...
XT-Commerce v1 Beta 1 => by Pass / Creat + Download Backup Vuln
Exploit for php platform in category web applications ========================================================================== XT-Commerce v1 Beta 1 = by Pass / Creat and Download Backup Vulnerability ==========================================================================...
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup
======================================================================================== | Title : XT-Commerce v1 Beta 1 = by Pass / Creat and Download Backup Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by XT-Commerce | Tested on: windows SP2 Français V.Pnx...
PT-2010-3056 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the coID parameter in the Direct URL module, specifically in the bluegate seo.inc.php file, when magic_quotes_gpc...
XT-Commerce 1 Beta 1 Create / Download Backup
======================================================================================== | Title : XT-Commerce v1 Beta 1 = by Pass / Creat and Download Backup Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by XT-Commerce | Tested on: windows SP2 Français V.Pnx...
PT-2009-1778 · Xt · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions prior to 3.0.4 SP2.1 Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors when magic_quotes_gpc is enabled and the SEO URLs are activated. Recommendations: For versions...
PT-2009-1519 · Xt · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 and earlier Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in the advanced...
PT-2009-1520 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 and earlier Description: The issue allows remote attackers to hijack web sessions by setting the XTCsid parameter in the shopping_cart.php file. This enables attackers to take control of user sessions, potentially...
XSS in XT-Commerce v2.0 RC1.2
Advisory: XSS in XT-Commerce v2.0 RC1.2 Home Page: http://xtcommerce/ Vulnerability: Cross Site Scripting Vulnerable script: advancedsearchresult.php http://www.immobilien-uckermark.de/advancedsearchresult.php?keywords="scriptalert/script"&x=30&y=1...