cvebase

Alegrocart vulnerabilities

4 known vulnerabilities affecting alegrocart/alegrocart.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2010-1611 | P4 | MEDIUM | CVSS 6.8 | PoC | v1.1 | 2010-04-29
[MEDIUM] CWE-352: Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.
Source: nvd

CVE-2015-9226 | P3 | HIGH | CVSS 7.2 | v1.2.8 | 2017-09-11
[HIGH] CWE-89: Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbit
Source: nvd

CVE-2015-9227 | P3 | HIGH | CVSS 7.2 | v1.2.8 | 2017-09-11
[HIGH] CWE-94: PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
Source: nvd

CVE-2011-3701 | P4 | MEDIUM | CVSS 5.0 | v1.2.3 | 2011-09-23
[MEDIUM] CWE-200: AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files.
Source: nvd