3 matches found
CVE-2006-2483
CVE-2006-2483 : A PHP remote file inclusion vulnerability exists in Squirrelcart 2.2.2 and earlier. The issue resides in cart_content.php where an attacker can supply a URL to the cart_isp_root parameter, allowing arbitrary PHP code execution on the affected server. This is a remote code executio...
CVE-2007-4439
CVE-2007-4439 describes a PHP remote file inclusion in popup_window.php for Squirrelcart 1.x.x and earlier. The issue arises when an attacker supplies a URL in the site_isp_root parameter (likely related to cart.php), allowing execution of arbitrary PHP code on affected systems. Affected software...
CVE-2005-0962
CVE-2005-0962 documents a SQL injection in index.php for SquirrelCart (SquirrelCart/Lighthouse Squirrelcart). The flaw is exploited via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action, allowing remote SQL commands. Affected: SquirrelCart 1.5.5 and prior versions...