4 matches found
CVE-2005-2544
The CVE-2005-2544 entry concerns Comdev eCommerce 3.0, where a PHP remote file inclusion flaw in config.php allows an attacker to execute arbitrary PHP code via path[docroot]. This is evidenced by multiple sources (NVD/CVE records and a Nessus plugin) describing remote code execution possibilitie...
CVE-2005-2138
CVE-2005-2138 describes a Cross-site Scripting (XSS) vulnerability in the Comdev eCommerce 3.0 and 3.1 product line, specifically in index.php. The flaw allows remote attackers to inject arbitrary web script or HTML by injecting JavaScript into the onMouseOver event of an anchor tag in a review m...
CVE-2007-3081
CVE-2007-3081 is a documented PHP remote file inclusion in Comdev eCommerce 4.1, affecting the file sampleecommerce.php via a URL in the path[docroot] parameter, allowing remote arbitrary PHP code execution. This is supported by multiple feeds (NVD, CVE lists, PRION, CVELIST) and has a CVSSv2 ba...
CVE-2005-2543
The CVE-2005-2543 entry describes a directory traversal vulnerability in Comdev eCommerce 3.0, specifically in wce.download.php, where the download parameter can be abused with a .. (dot dot) to download arbitrary files. Affected product/component: Comdev eCommerce 3.0 / wce.download.php. Root ca...