Sunshop Shopping Cart Security Vulnerabilities and Issues — Sunshop Shopping Cart CVE List

Lucene search

Turnkey SolutionsSunshop Shopping Cart

4 matches found

CVE•added 2006/05/01 10:6 p.m.•36 views

CVE-2006-2124

Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php.

5.8CVSS5.8AI score0.00685EPSS

CVE•added 2006/04/21 10:0 a.m.•33 views

CVE-2005-4787

Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in th...

5CVSS6.8AI score0.00408EPSS

CVE•added 2003/04/02 5:0 a.m.•29 views

CVE-2002-0553

Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.

7.5CVSS7AI score0.03062EPSS

CVE•added 2008/04/30 4:17 p.m.•29 views

CVE-2008-2038

Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters. NOTE: the provenance of this information is unknown; the details a...

6.5CVSS7.8AI score0.00324EPSS