Lucene search

Dfd Cart Security Vulnerabilities

cve

CVE-2007-5098

Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.li...

7.6AI Score

0.297EPSS

2007-09-26 10:17 PM

cve

CVE-2007-5136

Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.7AI Score

0.002EPSS

2007-09-28 09:17 PM

cve

CVE-2010-1541

Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.

5.9AI Score

0.003EPSS

2010-04-26 07:30 PM

cve

CVE-2010-1542

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.

6.8AI Score

0.001EPSS

2010-04-26 07:30 PM