3 matches found
CVE-2005-1003
CVE-2005-1003 affects ProfitCode PayProCart 3.0: a directory traversal in index.php via the modID parameter allows remote inclusion of arbitrary PHP files. The root cause is improper validation of .. (dot dot) sequences leading to file inclusion. Impact is remote code execution potential, as desc...
CVE-2005-1004
The CVE-2005-1004 issue affects ProfitCode PayProCart 3.0, where an XSS flaw exists in usrdetails.php exploitable via the sgnuptype parameter. The vulnerability is reflected XSS with no authentication, allowing an attacker to inject script/html in the context of the victim’s browser (I:P, C:N). I...
CVE-2005-1005
CVE-2005-1005 affects ProfitCode PayProCart 3.0. The vulnerability allows remote attackers to bypass authentication and gain administrative privileges in the admin control panel by issuing a direct request to adminshop/index.php containing hex-encoded .. sequences in the ftoedit parameter, enabli...