Vulnerabilities > Comersus Open Technologies > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-21 | CVE-2007-3323 | Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07 SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. | 7.5 |
| 2005-07-11 | CVE-2005-2190 | SQL-Injection vulnerability in Comersus Cart Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | 7.5 |
| 2005-05-02 | CVE-2005-0302 | SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | 7.5 |
| 2005-05-02 | CVE-2005-0301 | Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | 7.5 |
| 2004-08-06 | CVE-2004-0682 | Multiple vulnerability in Comersus Open Technologies Comersus Cart 5.0.9 comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL. | 7.5 |