4 matches found
CVE-2007-5098
DFD Cart is affected by multiple PHP remote file inclusion flaws in version 1.1.4 and earlier when register_globals is on. The vulnerability allows an attacker to craft a URL for set_depth that causes inclusion of arbitrary PHP code via specific target paths in app.lib/product.control/core.php/pr...
CVE-2010-1541
CVE-2010-1541 affects DFD Cart versions 1.198, 1.197 and earlier. The documented flaw is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML through specific input parameters: (1) category and (2) list_quantity in index.php, and (...
CVE-2010-1542
DFD Cart contains CSRF vulnerabilities in admin/configure.php affecting version 1.198, 1.197 and earlier. The issue allows remote attackers to hijack administrator sessions to perform (1) XSS actions or (2) changes to unspecified settings. Root cause is cross-site request forgery in admin configu...
CVE-2007-5136
CVE-2007-5136 is an XSS vulnerability affecting DFD Cart 1.1.4 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, with a CVSS v2 base score of 4.3 (Medium) and impacts including partial integrity but no confidentiality or availability im...