X-cart Security Vulnerabilities and Issues — X-cart CVE List

Lucene search

QualiteamX-cart

3 matches found

CVE•added 2007/09/17 4:17 p.m.•93 views

CVE-2007-4907

Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.

7.5CVSS7.7AI score0.06766EPSS

Web

CVE•added 2005/06/01 4:0 a.m.•50 views

CVE-2005-1822

Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help....

7.5CVSS8.6AI score0.00534EPSS

CVE•added 2006/09/21 12:7 a.m.•46 views

CVE-2006-4904

Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.

7.5CVSS7.4AI score0.04694EPSS

Web