C97 Cart Engine vulnerabilities
3 known vulnerabilities affecting c97/cart_engine.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2014-8306 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | ≤ 3.0 | 2014-10-16
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
nvd
CVE-2014-8305 | P4 | MEDIUM | CVSS 6.4 | PoC | ≤ 3.0 | 2014-10-16
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.
nvd
CVE-2014-8307 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | ≤ 3.0 | 2014-10-16
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRIN
nvd