Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Cs-cartCs-cart

18 matches found

CVE
CVEadded 2017/11/28 3:29 p.m.120 views

CVE-2017-15673

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

9CVSS7.2AI score0.00415EPSS
CVE
CVEadded 2006/06/06 8:6 p.m.54 views

CVE-2006-2863

PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.

5.1CVSS7.5AI score0.0884EPSS
CVE
CVEadded 2007/01/13 2:28 a.m.54 views

CVE-2007-0230

PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use

7.5CVSS7.5AI score0.00619EPSS
CVE
CVEadded 2009/08/05 7:30 p.m.42 views

CVE-2009-2579

SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.

6.5CVSS8.1AI score0.00412EPSS
CVE
CVEadded 2013/02/24 11:48 a.m.42 views

CVE-2013-0118

CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.

5CVSS6.6AI score0.00328EPSS
CVE
CVEadded 2017/08/02 4:29 p.m.42 views

CVE-2017-2138

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8CVSS8.8AI score0.00154EPSS
CVE
CVEadded 2021/09/14 12:15 p.m.41 views

CVE-2021-32202

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page.

6.1CVSS5.9AI score0.0024EPSS
CVE
CVEadded 2009/03/04 5:30 p.m.40 views

CVE-2008-6394

SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.

7.5CVSS8.7AI score0.00421EPSS
CVE
CVEadded 2017/11/17 2:29 p.m.38 views

CVE-2017-10886

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.2AI score0.00253EPSS
CVE
CVEadded 2010/06/11 2:30 p.m.34 views

CVE-2009-4891

SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.

7.5CVSS8.6AI score0.0036EPSS
CVE
CVEadded 2014/01/24 3:8 p.m.34 views

CVE-2013-7317

Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.

4.3CVSS5.9AI score0.00339EPSS
CVE
CVEadded 2005/12/21 12:3 a.m.33 views

CVE-2005-4429

SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.

7.5CVSS8.4AI score0.00341EPSS
CVE
CVEadded 2017/04/20 6:59 p.m.32 views

CVE-2016-4862

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.

8.8CVSS8.8AI score0.02432EPSS
CVE
CVEadded 2008/03/24 6:44 p.m.31 views

CVE-2008-1458

Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.

4.3CVSS5.7AI score0.00334EPSS
CVE
CVEadded 2015/03/25 2:59 p.m.31 views

CVE-2015-2701

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

6.8CVSS7.4AI score0.0086EPSS
CVE
CVEadded 2025/07/31 4:15 p.m.5 views

CVE-2025-50847

Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.

6.5CVSS7.1AI score0.00054EPSS
CVE
CVEadded 2025/07/31 4:15 p.m.5 views

CVE-2025-50848

A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious con...

6.1CVSS6.4AI score0.00039EPSS
CVE
CVEadded 2025/07/31 4:15 p.m.4 views

CVE-2025-50850

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthoriz...

8.6CVSS7.4AI score0.00058EPSS