SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:PCs Cart
APPCs-Cart2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Powiązane podatności
CVE-2025-50850HIGH8.6ten sam produkt
An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security contr...
CVE-2017-15673HIGH7.2ten sam produkt
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbi...
CVE-2017-2138HIGH8.8ten sam produkt
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 ...
CVE-2016-4862HIGH8.8ten sam produkt
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier a...
CVE-2008-6394HIGH7.5ten sam produkt
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute a...