MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.
6.6AI Score
0.011EPSS
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
6AI Score
0.073EPSS
SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.
8.8AI Score
0.003EPSS
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no ...
8.5AI Score
0.037EPSS
Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.
6.9AI Score
0.005EPSS
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
6.9AI Score
0.011EPSS