Vulnerabilities > Viart

DATE CVE VULNERABILITY TITLE RISK
2010-01-04 CVE-2009-4548 Cross-Site Scripting vulnerability in Viart Helpdesk 3.3.2/3.4.7
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
network
viart CWE-79
4.3
4.3
2010-01-04 CVE-2009-4547 Cross-Site Scripting vulnerability in Viart CMS 3.3.2
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
network
viart CWE-79
4.3
4.3
2009-04-28 CVE-2008-6766 Denial-Of-Service vulnerability in Viart Shop 3.5
cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests.
network
low complexity
viart
5.0
5.0
2009-04-28 CVE-2008-6765 Remote vulnerability in Viart Shop 3.5
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.
network
low complexity
viart
5.0
5.0
2009-04-28 CVE-2008-6760 Link Following vulnerability in Viart Shop 3.5
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.
network
viart CWE-59
4.3
4.3
2009-04-28 CVE-2008-6759 Link Following vulnerability in Viart Shop 3.5
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.
network
viart CWE-59
4.3
4.3
2009-04-28 CVE-2008-6758 Cross-Site Request Forgery (CSRF) vulnerability in Viart Shop 3.5
Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.
network
viart CWE-352
6.8
6.8
2009-04-28 CVE-2008-6757 Cross-Site Scripting vulnerability in Viart Shop 3.5
Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter.
network
viart CWE-79
4.3
4.3
2008-07-30 CVE-2008-3369 SQL Injection vulnerability in Viart Shop
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
network
low complexity
viart CWE-89
7.5
7.5
2007-12-13 CVE-2007-6347 Code Injection vulnerability in Viart products
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter.
network
viart CWE-94
6.8
6.8