Lucene search
K

9 matches found

Prion
Prion
added 2020/01/31 10:15 p.m.18 views

Sql injection

Multiple SQL injection vulnerabilities in ZeusCart 4.x...

6.5CVSS8.4AI score0.02461EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2015/03/11 2:59 p.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the 1 schltr parameter in a brands action or 2 brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-53...

4.3CVSS5.9AI score0.04454EPSS
Exploits4References11Affected Software1
CVE
CVE
added 2015/03/11 2:0 p.m.58 views

CVE-2015-2182

CVE-2015-2182 describes multiple XSS vulnerabilities in ZeusCart 4. Remote attackers can inject arbitrary script/HTML via two parameters: (1) schltr in the brands action and (2) brand in the viewbrands action to index.php. The panel notes that the search parameter vector is covered by CVE-2010-53...

4.3CVSS5.7AI score0.04454EPSS
Exploits3References11Affected Software1
NVD
NVD
added 2015/03/10 2:59 p.m.16 views

CVE-2015-2184

ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function...

5CVSS6.3AI score0.08399EPSS
Exploits1References8
NVD
NVD
added 2015/03/10 2:59 p.m.13 views

CVE-2015-2183

Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a 1 disporders detail or 2 subadminmgt edit action or 3 cid parameter in an editcurrency action to admin/...

7.5CVSS8.4AI score0.03531EPSS
Exploits1References8
Prion
Prion
added 2015/03/10 2:59 p.m.14 views

Design/Logic Flaw

ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function...

5CVSS6.8AI score0.08399EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2015/03/10 2:59 p.m.13 views

Sql injection

Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a 1 disporders detail or 2 subadminmgt edit action or 3 cid parameter in an editcurrency action to admin/...

7.5CVSS9.1AI score0.03531EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2015/03/10 2:0 p.m.52 views

CVE-2015-2184

ZeusCart 4 is affected by an information-disclosure vulnerability: remote attackers can retrieve configuration data by invoking the getphpinfo operation on admin/ which triggers the PHP phpinfo() function. This exposes sensitive configuration details and is documented across multiple sources (NVD...

5CVSS6.5AI score0.08399EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2015/03/10 2:0 p.m.23 views

CVE-2015-2183

Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a 1 disporders detail or 2 subadminmgt edit action or 3 cid parameter in an editcurrency action to admin/...

8.4AI score0.03531EPSS
Exploits1References8
Rows per page
Query Builder