CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 6CVE-2015-2183 – Zeuscart 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2183
10 Mar 2015 — Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. Múltiples vulnerabilidades de inyección SQL en el backend administrativo en ZeusCart 4 permiten a administradores remotos ejecutar comandos SQL arbitrarios a través del parámetro id en (1) un detalle disporders o (2) una acción su... • https://www.exploit-db.com/exploits/36159 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2014-3868 – ZeusCart - 'prodid' SQL Injection
https://notcve.org/view.php?id=CVE-2014-3868
25 Jun 2014 — Multiple SQL injection vulnerabilities in ZeusCart 4.x. Múltiples vulnerabilidades de inyección SQL en ZeusCart versiones 4.x. ZeusCart version 4.x suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/127196 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-4940 – ZeusCart 2.3 - 'maincatid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4940
22 Jul 2010 — SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. Vulnerabilidad de inyección SQL en index.php en Zeus Cart v2.3 y anteriores permite a atacantes remotos ejecutar comandos SQL a través del parámetro maincatid en una acción showmaincatlanding. • https://www.exploit-db.com/exploits/8829 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •