Lucene search
+L
CactusoftCactushop

4 matches found

cve
cve
added 2005/05/10 4:0 a.m.63 views

CVE-2004-1881

CVE-2004-1881 affects CactuShop 5.x. The SQL injection vulnerability occurs in mailorder.asp and payonline.asp, where the user-supplied strItems parameter is not filtered before use in an SQL query, allowing remote attackers to modify queries and potentially execute system commands (e.g., via xp_...

7.5CVSS8.4AI score0.03067EPSS
cve
cve
added 2006/11/21 2:0 a.m.48 views

CVE-2006-5991

CVE-2006-5991 describes multiple SQL injection vulnerabilities in the wwweb Concepts CactuShop application, enabling remote attackers to alter or extract data by supplying crafted values to the following parameters: (1) prodtype in prodtype.asp and (2) product in product.asp. The connected docume...

7.5CVSS8.9AI score0.01436EPSS
cve
cve
added 2005/05/10 4:0 a.m.47 views

CVE-2004-1882

CVE-2004-1882 concerns CactuShop 5.x (ASP). The vulnerability is a cross-site scripting (XSS) flaw in the script popuplargeimage.asp, exploitable via the user-controlled parameter strImageTag . OpenVAS notes that the remote host runs CactuShop and that lack of sanitization can enable execution of...

4.3CVSS5.7AI score0.04031EPSS
cve
cve
added 2007/06/06 1:0 a.m.44 views

CVE-2007-3061

CVE-2007-3061 affects Cactushop 6 and earlier. The issue is improper access control that allows remote attackers to download sensitive data by requesting web-root stored databases (cactushop6.mdb or cactushop5.mdb). The description specifies direct access to these .mdb files as the attack vector....

7.8CVSS6.4AI score0.02582EPSS