Lucene search
+L
DragonfrugalDfd Cart

4 matches found

CVE
CVE
added 2007/09/26 10:0 p.m.125 views

CVE-2007-5098

DFD Cart is affected by multiple PHP remote file inclusion flaws in version 1.1.4 and earlier when register_globals is on. The vulnerability allows an attacker to craft a URL for set_depth that causes inclusion of arbitrary PHP code via specific target paths in app.lib/product.control/core.php/pr...

6.8CVSS7.6AI score0.45953EPSS
Web
CVE
CVE
added 2010/04/26 7:0 p.m.45 views

CVE-2010-1541

CVE-2010-1541 affects DFD Cart versions 1.198, 1.197 and earlier. The documented flaw is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML through specific input parameters: (1) category and (2) list_quantity in index.php, and (...

4.3CVSS5.9AI score0.01065EPSS
CVE
CVE
added 2010/04/26 7:0 p.m.43 views

CVE-2010-1542

DFD Cart contains CSRF vulnerabilities in admin/configure.php affecting version 1.198, 1.197 and earlier. The issue allows remote attackers to hijack administrator sessions to perform (1) XSS actions or (2) changes to unspecified settings. Root cause is cross-site request forgery in admin configu...

6.8CVSS6.8AI score0.00565EPSS
CVE
CVE
added 2007/09/28 9:0 p.m.34 views

CVE-2007-5136

CVE-2007-5136 is an XSS vulnerability affecting DFD Cart 1.1.4 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, with a CVSS v2 base score of 4.3 (Medium) and impacts including partial integrity but no confidentiality or availability im...

4.3CVSS5.7AI score0.01022EPSS