3 matches found
CVE-2005-0897
CVE-2005-0897 describes a PHP remote file inclusion vulnerability in the catalog.php file of the E-Store Kit-2 PayPal Edition. The issue arises from allowing the menu and main parameters to reference a URL on a remote server, enabling an attacker to cause the application to include and execute ar...
CVE-2005-0898
CVE-2005-0898 describes a cross-site scripting (XSS) vulnerability in the PHP file downloadform.php of the E-Store Kit-2 PayPal Edition. The flaw allows remote attackers to inject arbitrary web script or HTML by supplying a crafted txn_id parameter, potentially impacting users who view the affect...
CVE-2008-3594
CVE-2008-3594 is a SQL injection vulnerability in the PHP file viewdetails.php across MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition. The flaw allows remote attackers to terminate or alter SQL queries via the pid parameter, p...