Cpcommerce Security Vulnerabilities and Issues — Cpcommerce CVE List

Lucene search

CpcommerceCpcommerce

10 matches found

CVE•added 2009/04/20 2:30 p.m.•44 views

CVE-2009-1345

SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

7.5CVSS8.7AI score0.00144EPSS

CVE•added 2008/10/21 6:0 p.m.•39 views

CVE-2008-4637

Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.

4.3CVSS5.5AI score0.00545EPSS

CVE•added 2007/10/25 7:0 p.m.•37 views

CVE-2003-1500

PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.

6.8CVSS9.8AI score0.03217EPSS

CVE•added 2008/04/22 4:41 a.m.•32 views

CVE-2008-1907

Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 an...

7.5CVSS8.4AI score0.00782EPSS

CVE•added 2007/05/31 11:30 p.m.•31 views

CVE-2007-2959

SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.

7.5CVSS8.3AI score0.00607EPSS

CVE•added 2007/05/30 1:30 a.m.•30 views

CVE-2007-2890

SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.

7.5CVSS8.4AI score0.00782EPSS

CVE•added 2008/10/21 6:0 p.m.•29 views

CVE-2008-4121

Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.

4.3CVSS5.6AI score0.00545EPSS

CVE•added 2007/06/01 1:30 a.m.•28 views

CVE-2007-2968

Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field).

4.3CVSS5.7AI score0.00475EPSS

CVE•added 2008/04/22 4:41 a.m.•27 views

CVE-2008-1906

Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.

4.3CVSS5.7AI score0.04729EPSS

CVE•added 2008/04/22 4:41 a.m.•25 views

CVE-2008-1908

Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action...

7.5CVSS7.3AI score0.06227EPSS