Midicart Software
Products
6- 6 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1798 | Cri | 0.63 | 9.1 | 0.05 | Dec 31, 2002 | MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php. | ||
| CVE-2002-1432 | 0.04 | — | 0.08 | Apr 11, 2003 | MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | |||
| CVE-2006-6209 | 0.03 | — | 0.01 | Dec 1, 2006 | Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b)… | |||
| CVE-2005-1503 | 0.03 | — | 0.04 | May 11, 2005 | Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to… | |||
| CVE-2006-6464 | 0.00 | — | 0.01 | Dec 11, 2006 | viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart. | |||
| CVE-2006-6463 | 0.00 | — | 0.01 | Dec 11, 2006 | Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root. | |||
| CVE-2005-2601 | 0.00 | — | 0.01 | Aug 17, 2005 | SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | |||
| CVE-2005-1502 | 0.00 | — | 0.03 | May 11, 2005 | Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php. | |||
| CVE-2005-1501 | 0.00 | — | 0.02 | May 11, 2005 | MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message. |
- risk 0.63cvss 9.1epss 0.05
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
- CVE-2002-1432Apr 11, 2003risk 0.04cvss —epss 0.08
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
- CVE-2006-6209Dec 1, 2006risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b)…
- CVE-2005-1503May 11, 2005risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to…
- CVE-2006-6464Dec 11, 2006risk 0.00cvss —epss 0.01
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
- CVE-2006-6463Dec 11, 2006risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.
- CVE-2005-2601Aug 17, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.
- CVE-2005-1502May 11, 2005risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
- CVE-2005-1501May 11, 2005risk 0.00cvss —epss 0.02
MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.