Codethat » Shoppingcart : Security Vulnerabilities, CVEs,
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
Max CVSS
5.0
EPSS Score
0.65%
Published
2005-05-16
Updated
2008-09-05
SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.50%
Published
2005-05-16
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Max CVSS
6.8
EPSS Score
2.27%
Published
2005-05-16
Updated
2008-09-05
3 vulnerabilities found