VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 2, 2010· Updated Apr 29, 2026

CVE-2010-4147

CVE-2010-4147

Description

Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.

Affected products

5
  • Avactis/Avactis Shopping Cart5 versions
    cpe:2.3:a:avactis:avactis_shopping_cart:1.9.0:-:free:*:*:*:*:*+ 4 more
    • cpe:2.3:a:avactis:avactis_shopping_cart:1.9.0:-:free:*:*:*:*:*
    • cpe:2.3:a:avactis:avactis_shopping_cart:*:-:free:*:*:*:*:*range: <=1.9.1
    • cpe:2.3:a:avactis:avactis_shopping_cart:1.8.0:-:free:*:*:*:*:*
    • cpe:2.3:a:avactis:avactis_shopping_cart:1.8.1:-:free:*:*:*:*:*
    • cpe:2.3:a:avactis:avactis_shopping_cart:1.8.2:-:free:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.