VYPR

E Cart

by E Cart

CVEs (24)

  • CVE-2006-2827 | Critical | Jun 5, 2006
    risk 0.64 | cvss 9.8 | epss 0.01

    SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in…

  • CVE-2021-47909 | High | Feb 1, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database…

  • CVE-2017-15673 | High | Nov 28, 2017
    risk 0.47 | cvss 7.2 | epss 0.02

    The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

  • CVE-2021-32202 | Medium | Sep 14, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page.

  • CVE-2020-9009 | Low | Apr 11, 2023
    risk 0.24 | cvss 3.7 | epss 0.01

    The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.

  • CVE-2006-2863 | Jun 6, 2006
    risk 0.04 | cvss (not listed) | epss 0.09

    PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.

  • CVE-2015-2701 | Mar 25, 2015
    risk 0.03 | cvss (not listed) | epss 0.03

    Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

  • CVE-2009-2579 | Aug 5, 2009
    risk 0.03 | cvss (not listed) | epss 0.01

    SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability…

  • CVE-2009-0832 | Mar 5, 2009
    risk 0.03 | cvss (not listed) | epss 0.01

    SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.

  • CVE-2008-6394 | Mar 4, 2009
    risk 0.03 | cvss (not listed) | epss 0.01

    SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.

  • CVE-2008-1458 | Mar 24, 2008
    risk 0.03 | cvss (not listed) | epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.

  • CVE-2005-4429 | Dec 21, 2005
    risk 0.03 | cvss (not listed) | epss 0.01

    SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.

  • CVE-2005-4290 | Dec 16, 2005
    risk 0.03 | cvss (not listed) | epss 0.02

    Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.

  • CVE-2005-1289 | May 2, 2005
    risk 0.03 | cvss (not listed) | epss 0.04

    index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.

  • CVE-2004-0241 | Nov 23, 2004
    risk 0.03 | cvss (not listed) | epss 0.06

    X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.

  • CVE-2015-5455 | Jul 8, 2015
    risk 0.00 | cvss (not listed) | epss 0.01

    Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.

  • CVE-2015-0951 | Apr 5, 2015
    risk 0.00 | cvss (not listed) | epss 0.01

    X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.

  • CVE-2015-0950 | Apr 5, 2015
    risk 0.00 | cvss (not listed) | epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.

  • CVE-2015-1178 | Jan 26, 2015
    risk 0.00 | cvss (not listed) | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.

  • CVE-2013-7317 | Jan 24, 2014
    risk 0.00 | cvss (not listed) | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.

Page 1 of 2