Vulnerability in Qualiteam X-cart

CVE-2006-2827

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detai…

EPSS: 0.013 (66.9th percentile).

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • Qualiteam X-cart — versions 4.1.0_beta_1, gold_4.0.18, pro_4.0.18

Frequently asked questions

What is CVE-2006-2827?

CVE-2006-2827 is a critical-severity vulnerability in Qualiteam X-cart. CVSS score: 9.8/10. Published 2006-06-05.

How severe is CVE-2006-2827?

Critical severity. CVSS v3 base score is 9.8 out of 10.