3 matches found
CVE-2008-6278
The CVE-2008-6278 entry concerns RakhiSoftware Price Comparison Script (aka Shopping Cart). Affected component: product.php. Vulnerability: reflected cross-site scripting via two parameters, category_id and subcategory_id, allowing remote attackers to inject arbitrary web script or HTML. The root...
CVE-2008-6279
Vulnerability: RakhiSoftware Price Comparison Script (Shopping Cart) exposes installation path in error messages via an invalid PHPSESSID cookie, enabling remote disclosure of sensitive information. Affected: RakhiSoftware Price Comparison Script; root cause: PHPSESSID handling leads to error det...
CVE-2008-6277
CVE-2008-6277 describes an SQL injection vulnerability in the RakhiSoftware Price Comparison Script (aka Shopping Cart). The flaw is in the file product.php and is exploitable via the subcategory_id parameter, enabling a remote attacker to execute arbitrary SQL commands. This AV:N/AC:L/ Au:N/C:P/...