Hucart Security Vulnerabilities

CVE-2020-18476

SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image...

CVE-2020-18477

SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content...

CVE-2020-18475

Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be...

CVE-2020-18158

Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in...

CVE-2019-6249

An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via...

CVE-2018-19468

HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login...