CVE-2009-4688

Multiple XSS vulnerabilities in index.php of a PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary script/HTML via the txtkeywords and cid parameters. Affected: index.php in the PHP Shopping Cart Selling Website Script; root cause: improper handling of user-supplie...

CVE-2009-4689

CVE-2009-4689 is a SQL injection flaw in index.php of the PHP Shopping Cart Selling Website Script, exploitable via the cid parameter to execute arbitrary SQL commands. The vulnerability arises from unsafely handling user input, enabling remote attackers to affect data confidentiality, integrity,...