VYPR

Zeuscart

by Zeuscart

Source repositories

CVEs (7)

  • CVE-2014-3868HigJan 31, 2020
    risk 0.53cvss 8.8epss 0.02

    Multiple SQL injection vulnerabilities in ZeusCart 4.x.

  • CVE-2018-25435MedJun 1, 2026
    risk 0.34cvss 5.3epss 0.00

    ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting…

  • CVE-2015-2184Mar 10, 2015
    risk 0.04cvss epss 0.08

    ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.

  • CVE-2015-2182Mar 11, 2015
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is…

  • CVE-2010-5322Mar 11, 2015
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.

  • CVE-2015-2183Mar 10, 2015
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to…

  • CVE-2009-4940Jul 22, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.