Qualiteam X-cart

15 CVEs affecting Qualiteam X-cart. Latest disclosed: 2019-06-06. Critical: 1, High: 1.

Top CVEs affecting Qualiteam X-cart
CVESeverityScorePublishedSummary
CVE-2006-2827Critical9.82006-06-05SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via…
CVE-2017-15285High8.82017-10-12X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote fil…
CVE-2019-7220Medium6.12019-06-06X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter.
CVE-2015-54552015-07-08Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to…
CVE-2015-09512015-04-05X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
CVE-2015-09502015-04-05Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the sub…
CVE-2015-11782015-01-26Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via t…
CVE-2012-25702012-08-15Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb par…
CVE-2007-49072007-09-17Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) c…
CVE-2006-49042006-09-21Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables an…
CVE-2005-18232005-06-01Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or…
CVE-2005-18222005-06-01Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable para…
CVE-2004-02422004-11-23X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
CVE-2004-02412004-11-23X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
CVE-2004-02402004-11-23Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.p…