9 matches found
Sql injection
Multiple SQL injection vulnerabilities in ZeusCart 4.x...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the 1 schltr parameter in a brands action or 2 brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-53...
CVE-2015-2182
CVE-2015-2182 describes multiple XSS vulnerabilities in ZeusCart 4. Remote attackers can inject arbitrary script/HTML via two parameters: (1) schltr in the brands action and (2) brand in the viewbrands action to index.php. The panel notes that the search parameter vector is covered by CVE-2010-53...
CVE-2015-2184
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function...
CVE-2015-2183
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a 1 disporders detail or 2 subadminmgt edit action or 3 cid parameter in an editcurrency action to admin/...
Design/Logic Flaw
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function...
Sql injection
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a 1 disporders detail or 2 subadminmgt edit action or 3 cid parameter in an editcurrency action to admin/...
CVE-2015-2184
ZeusCart 4 is affected by an information-disclosure vulnerability: remote attackers can retrieve configuration data by invoking the getphpinfo operation on admin/ which triggers the PHP phpinfo() function. This exposes sensitive configuration details and is documented across multiple sources (NVD...
CVE-2015-2183
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a 1 disporders detail or 2 subadminmgt edit action or 3 cid parameter in an editcurrency action to admin/...