Midicart PHP Shopping Cart
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-6464 | 0.00 | — | 0.01 | Dec 11, 2006 | viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart. | ||
| CVE-2006-6463 | 0.00 | — | 0.01 | Dec 11, 2006 | Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root. | ||
| CVE-2005-2601 | 0.00 | — | 0.01 | Aug 17, 2005 | SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | ||
| CVE-2005-1502 | 0.00 | — | 0.04 | May 11, 2005 | Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php. | ||
| CVE-2005-1501 | 0.00 | — | 0.01 | May 11, 2005 | MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message. |
- CVE-2006-6464Dec 11, 2006risk 0.00cvss —epss 0.01
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
- CVE-2006-6463Dec 11, 2006risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.
- CVE-2005-2601Aug 17, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.
- CVE-2005-1502May 11, 2005risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
- CVE-2005-1501May 11, 2005risk 0.00cvss —epss 0.01
MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.