HuCart
by HuCart
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19468 | Cri | 0.64 | 9.8 | 0.01 | Nov 23, 2018 | HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | ||
| CVE-2019-6249 | Hig | 0.60 | 8.8 | 0.03 | Jan 13, 2019 | An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. | ||
| CVE-2020-18477 | Hig | 0.57 | 8.8 | 0.01 | Aug 26, 2021 | SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | ||
| CVE-2020-18476 | Hig | 0.57 | 8.8 | 0.01 | Aug 26, 2021 | SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. | ||
| CVE-2020-18158 | Med | 0.35 | 5.4 | 0.01 | Jul 30, 2021 | Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. |
- risk 0.64cvss 9.8epss 0.01
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
- risk 0.60cvss 8.8epss 0.03
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
- risk 0.57cvss 8.8epss 0.01
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.
- risk 0.57cvss 8.8epss 0.01
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.