Fishnet » Fishcart : Security Vulnerabilities, CVEs,

CVE-2005-1487

Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable
Max CVSS
7.5
EPSS Score
0.72%
Published
2005-05-11
Updated
2024-04-11

CVE-2005-1486

Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
Max CVSS
5.0
EPSS Score
1.67%
Published
2005-05-11
Updated
2018-10-19

CVE-2004-0062

Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
Max CVSS
7.5
EPSS Score
0.87%
Published
2004-02-17
Updated
2016-10-18
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close