Reality66 Cart66 Lite vulnerabilities
3 known vulnerabilities affecting reality66/cart66_lite.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 2, LOW 1
Vulnerabilities
CVE-2014-9305 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | PoC | ≤ 1.5.1.17 | 2014-12-08
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.
nvd
CVE-2014-9442 | P4 | MEDIUM | CVSS 6.5 | CWE-89 | v1.5.3 | 2015-01-02
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php.
nvd
CVE-2014-9461 | P4 | LOW | CVSS 3.5 | CWE-22 | ≤ 1.5.3 | 2015-01-02
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.
nvd