Vulnerabilities > Bugmall

DATE CVE VULNERABILITY TITLE RISK
2007-06-27 CVE-2007-3448 Cross-Site Scripting vulnerability in Bugmall Shopping Cart
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter.
network
bugmall CWE-79
4.3
2007-06-27 CVE-2007-3447 SQL Injection vulnerability in Bugmall Shopping Cart 2.5
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
network
bugmall CWE-89
6.8
2007-06-27 CVE-2007-3446 Unspecified vulnerability in Bugmall Shopping Cart
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
network
low complexity
bugmall
7.5