Vulnerabilities > Qualiteam > X Cart
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-06-01 | CVE-2005-1822 | SQL Injection and Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.0.8 Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. | 7.5 |
2004-11-23 | CVE-2004-0242 | Remote Information Disclosure vulnerability in Qualiteam X-Cart X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. | 5.0 |
2004-11-23 | CVE-2004-0241 | Remote Command Execution vulnerability in Qualiteam X-Cart X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | 10.0 |
2004-11-23 | CVE-2004-0240 | Directory Traversal vulnerability in X-Cart Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. | 5.0 |