Vulnerabilities > Tomatocart > Tomatocart > 1.1.8.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-20 | CVE-2014-3978 | SQL Injection vulnerability in Tomatocart 1.1.8.6.1 SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. | 6.5 |
| 2014-10-20 | CVE-2014-3830 | Cross-Site Scripting vulnerability in Tomatocart 1.1.8.6.1 Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter. | 4.3 |