Vulnerabilities > Comersus Open Technologies > Comersus Cart > High

DATE	CVE	VULNERABILITY TITLE	RISK
2007-06-21	CVE-2007-3323	Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07 SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. network low complexity comersus-open-technologies	7.5
2005-07-11	CVE-2005-2190	SQL-Injection vulnerability in Comersus Cart Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. network low complexity comersus-open-technologies	7.5
2004-08-06	CVE-2004-0682	Multiple vulnerability in Comersus Open Technologies Comersus Cart 5.0.9 comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL. network low complexity comersus-open-technologies	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.