Vulnerabilities > Midicart Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-01 | CVE-2006-6209 | SQL Injection vulnerability in Midicart Software products Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. | 7.5 |
| 2005-08-17 | CVE-2005-2601 | SQL Injection vulnerability in MidiCart ASP Item_Show.ASP Code_No Parameter SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | 7.5 |
| 2005-05-11 | CVE-2005-1503 | SQL Injection vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php. | 7.5 |
| 2005-05-11 | CVE-2005-1502 | Cross-Site Scripting vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php. network midicart-software | 6.8 |
| 2005-05-11 | CVE-2005-1501 | Information Disclosure vulnerability in MidiCart PHP Shopping Cart MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message. | 7.5 |