Cactusoft Cactushop vulnerabilities
3 known vulnerabilities affecting cactusoft/cactushop.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2007-3061 | P3 | HIGH | CVSS 7.8 | CWE-255 | PoC | ≤ 6 | 2007-06-06
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
Source: NVD
CVE-2004-1881 | P3 | HIGH | CVSS 7.5 | PoC | v5.0, v5.1 | 2004-12-31
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.
Source: NVD
CVE-2004-1882 | P4 | MEDIUM | CVSS 4.3 | PoC | v5.0, v5.1 | 2004-12-31
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.
Source: NVD