Vulnerabilities > Viart > Viart Shop
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-28 | CVE-2008-6766 | Denial-Of-Service vulnerability in Viart Shop 3.5 cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests. | 5.0 |
2009-04-28 | CVE-2008-6765 | Remote vulnerability in Viart Shop 3.5 ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter. | 5.0 |
2009-04-28 | CVE-2008-6760 | Link Following vulnerability in Viart Shop 3.5 ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter. | 4.3 |
2009-04-28 | CVE-2008-6759 | Link Following vulnerability in Viart Shop 3.5 ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message. | 4.3 |
2009-04-28 | CVE-2008-6758 | Cross-Site Request Forgery (CSRF) vulnerability in Viart Shop 3.5 Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action. | 6.8 |
2009-04-28 | CVE-2008-6757 | Cross-Site Scripting vulnerability in Viart Shop 3.5 Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter. | 4.3 |
2008-07-30 | CVE-2008-3369 | SQL Injection vulnerability in Viart Shop SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 7.5 |