Qualiteam X-cart
15 CVEs affecting Qualiteam X-cart. Latest disclosed: 2019-06-06. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2006-2827 | Critical | 9.8 | 2006-06-05 | SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via… |
| CVE-2017-15285 | High | 8.8 | 2017-10-12 | X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote fil… |
| CVE-2019-7220 | Medium | 6.1 | 2019-06-06 | X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. |
| CVE-2015-5455 | | | 2015-07-08 | Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to… |
| CVE-2015-0951 | | | 2015-04-05 | X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. |
| CVE-2015-0950 | | | 2015-04-05 | Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the sub… |
| CVE-2015-1178 | | | 2015-01-26 | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via t… |
| CVE-2012-2570 | | | 2012-08-15 | Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb par… |
| CVE-2007-4907 | | | 2007-09-17 | Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) c… |
| CVE-2006-4904 | | | 2006-09-21 | Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables an… |
| CVE-2005-1823 | | | 2005-06-01 | Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or… |
| CVE-2005-1822 | | | 2005-06-01 | Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable para… |
| CVE-2004-0242 | | | 2004-11-23 | X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. |
| CVE-2004-0241 | | | 2004-11-23 | X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. |
| CVE-2004-0240 | | | 2004-11-23 | Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.p… |