Zeuscart
by Zeuscart
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3868 | Hig | 0.53 | 8.8 | 0.02 | Jan 31, 2020 | Multiple SQL injection vulnerabilities in ZeusCart 4.x. | ||
| CVE-2018-25435 | Med | 0.34 | 5.3 | 0.00 | Jun 1, 2026 | ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting… | ||
| CVE-2015-2184 | 0.04 | — | 0.08 | Mar 10, 2015 | ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. | |||
| CVE-2015-2182 | 0.03 | — | 0.04 | Mar 11, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is… | |||
| CVE-2010-5322 | 0.03 | — | 0.03 | Mar 11, 2015 | Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php. | |||
| CVE-2015-2183 | 0.03 | — | 0.04 | Mar 10, 2015 | Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to… | |||
| CVE-2009-4940 | 0.03 | — | 0.01 | Jul 22, 2010 | SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. |
- risk 0.53cvss 8.8epss 0.02
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
- risk 0.34cvss 5.3epss 0.00
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting…
- CVE-2015-2184Mar 10, 2015risk 0.04cvss —epss 0.08
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.
- CVE-2015-2182Mar 11, 2015risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is…
- CVE-2010-5322Mar 11, 2015risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
- CVE-2015-2183Mar 10, 2015risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to…
- CVE-2009-4940Jul 22, 2010risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.