c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability.
Max CVSS: 5.0
EPSS Score: 0.80%
Published: 2007-10-06
Updated: 2018-10-15
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
Max CVSS: 6.8
EPSS Score: 0.70%
Published: 2004-08-06
Updated: 2017-07-11
Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.
Max CVSS: 5.0
EPSS Score: 1.97%
Published: 2000-05-03
Updated: 2016-10-18
A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.
Max CVSS: 7.5
EPSS Score: 2.21%
Published: 2000-04-27
Updated: 2016-10-18
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Max CVSS: 7.5
EPSS Score: 3.64%
Published: 2000-02-01
Updated: 2022-08-17
5 vulnerabilities found