VYPR

HuCart

by HuCart

CVEs (5)

  • CVE-2018-19468CriNov 23, 2018
    risk 0.64cvss 9.8epss 0.01

    HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.

  • CVE-2019-6249HigJan 13, 2019
    risk 0.60cvss 8.8epss 0.03

    An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.

  • CVE-2020-18477HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.01

    SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.

  • CVE-2020-18476HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.01

    SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.

  • CVE-2020-18158MedJul 30, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.