Lucene search

K

Midicart Security Vulnerabilities

cve
cve

CVE-2006-6463

Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web...

6.9AI Score

0.005EPSS

2006-12-11 06:28 PM
24
cve
cve

CVE-2006-6464

viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping...

6.9AI Score

0.011EPSS

2006-12-11 06:28 PM
24
cve
cve

CVE-2002-1798

MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to...

9.1CVSS

7AI Score

0.008EPSS

2005-06-28 04:00 AM
32
cve
cve

CVE-2006-6209

Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the...

8.5AI Score

0.037EPSS

2006-12-01 01:28 AM
19
cve
cve

CVE-2005-2601

SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2)...

8.8AI Score

0.003EPSS

2005-08-17 04:00 AM
71
cve
cve

CVE-2005-1501

MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error...

6.6AI Score

0.011EPSS

2005-05-11 04:00 AM
26
cve
cve

CVE-2005-1502

Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to...

6AI Score

0.073EPSS

2005-05-11 04:00 AM
50
cve
cve

CVE-2005-1503

Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to...

9AI Score

0.012EPSS

2005-05-11 04:00 AM
91