Lucene search
+L
Eazy CartEazy Cart

4 matches found

CVE
CVE
added 2006/10/12 12:0 a.m.51 views

CVE-2006-5245

Summary (CVE-2006-5245): Eazy Cart is affected by a authentication bypass vulnerability in the admin area. A remote attacker can gain administrative access by issuing a direct request to a file such as admin/home/index.php (and potentially other PHP scripts under the admin/ directory), bypassing ...

7.5CVSS7.8AI score0.01824EPSS
CVE
CVE
added 2006/10/12 12:0 a.m.44 views

CVE-2006-5246

The CVE-2006-5246 issue concerns Eazy Cart where remote attackers can modify prices and other critical fields via unspecified vectors to easycart.php, likely abusing an input-validation flaw that permits altering the price parameter. The core weakness is insufficient validation/authorization on p...

5CVSS7.1AI score0.01507EPSS
CVE
CVE
added 2006/10/12 12:0 a.m.44 views

CVE-2006-5247

CVE-2006-5247 concerns multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart. The affected component is the web application’s easycart.php, with possible vectors including the (1) des and (2) qty parameters in an add action and other unspecified vectors. The description and connected s...

6.8CVSS6.1AI score0.01601EPSS
CVE
CVE
added 2006/10/12 12:0 a.m.43 views

CVE-2006-5248

CVE-2006-5248 affects Eazy Cart: sensitive customer data stored under the web root with insufficient access control, allowing remote retrieval of admin/config/customer.dat via direct request. Multiple sources (NVD, Red Hat, CVE List, CVE Details) describe the same issue. Root cause is improper ac...

7.8CVSS6.7AI score0.01611EPSS