Vulnerabilities > Cpcommerce

DATE	CVE	VULNERABILITY TITLE	RISK
2009-04-20	CVE-2009-1345	SQL Injection vulnerability in Cpcommerce 1.2.8 SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter. network low complexity cpcommerce CWE-89	7.5
2008-10-21	CVE-2008-4637	Cross-Site Scripting vulnerability in Cpcommerce Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. network cpcommerce CWE-79	4.3
2008-10-21	CVE-2008-4121	Cross-Site Scripting vulnerability in Cpcommerce Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php. network cpcommerce CWE-79	4.3
2008-04-22	CVE-2008-1908	Path Traversal vulnerability in Cpcommerce 1.1.0 Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. network low complexity cpcommerce CWE-22	7.5
2008-04-22	CVE-2008-1907	SQL Injection vulnerability in Cpcommerce 1.1.0 Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. network low complexity cpcommerce CWE-89	7.5
2008-04-22	CVE-2008-1906	Cross-Site Scripting vulnerability in Cpcommerce 1.1.0 Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action. network cpcommerce CWE-79	4.3
2007-06-01	CVE-2007-2968	HTML Injection vulnerability in CPCommerce Full Name Field Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field). network cpcommerce	4.3
2007-05-31	CVE-2007-2959	SQL Injection vulnerability in CPCommerce Manufacturer.PHP SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. network low complexity cpcommerce	7.5
2007-05-30	CVE-2007-2890	SQL Injection vulnerability in CPCommerce Category.PHP SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. network low complexity cpcommerce	7.5

Vulnerabilities > Cpcommerce {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cpcommerce"}]}

Vulnerabilities > Cpcommerce