Vulnerabilities > Shoppingtree

DATE	CVE	VULNERABILITY TITLE	RISK
2008-02-13	CVE-2008-0739	SQL Injection vulnerability in Shoppingtree Candypress Store 4.1.1.26 SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter. network low complexity shoppingtree CWE-89	7.5
2008-02-13	CVE-2008-0738	SQL Injection vulnerability in Shoppingtree Candypress Store 4.1.1.26 Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. network low complexity shoppingtree CWE-89	7.5
2008-02-13	CVE-2008-0737	SQL Injection vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26 SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter. network low complexity shoppingtree CWE-89	7.5
2008-02-13	CVE-2008-0736	Information Exposure vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26 admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter. network low complexity shoppingtree CWE-200	5.0
2008-02-01	CVE-2008-0547	Cross-Site Scripting vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26 Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter. network shoppingtree CWE-79	4.3
2008-02-01	CVE-2008-0546	SQL Injection vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26 Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. network low complexity shoppingtree CWE-89	7.5

Vulnerabilities > Shoppingtree {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Shoppingtree"}]}

Vulnerabilities > Shoppingtree