4 matches found
CVE-2006-5245
Summary (CVE-2006-5245): Eazy Cart is affected by a authentication bypass vulnerability in the admin area. A remote attacker can gain administrative access by issuing a direct request to a file such as admin/home/index.php (and potentially other PHP scripts under the admin/ directory), bypassing ...
CVE-2006-5246
The CVE-2006-5246 issue concerns Eazy Cart where remote attackers can modify prices and other critical fields via unspecified vectors to easycart.php, likely abusing an input-validation flaw that permits altering the price parameter. The core weakness is insufficient validation/authorization on p...
CVE-2006-5247
CVE-2006-5247 concerns multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart. The affected component is the web application’s easycart.php, with possible vectors including the (1) des and (2) qty parameters in an add action and other unspecified vectors. The description and connected s...
CVE-2006-5248
CVE-2006-5248 affects Eazy Cart: sensitive customer data stored under the web root with insufficient access control, allowing remote retrieval of admin/config/customer.dat via direct request. Multiple sources (NVD, Red Hat, CVE List, CVE Details) describe the same issue. Root cause is improper ac...