CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6765 – Viart shopping cart 3.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6765
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter. Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos acceder al contenido de un carrito de la compra a su elección a través de un parámetro cart_name modificado. • https://www.exploit-db.com/exploits/7628 http://www.securityfocus.com/archive/1/499625/100/0/threaded http://www.securityfocus.com/bid/33043 http://www.securitytracker.com/id?1021497 •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 2CVE-2008-3369 – ViArt Shop 3.5 - 'category_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3369
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. Vulnerabilidad de inyección SQL en products_rss.php en ViArt Shop 3.5 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "category_id". • https://www.exploit-db.com/exploits/6154 http://secunia.com/advisories/31275 http://securityreason.com/securityalert/4065 http://www.gulftech.org/?node=research&article_id=00118-07292008 http://www.securityfocus.com/archive/1/494839/100/0/threaded http://www.securityfocus.com/bid/30409 http://www.viart.com/another_critical_sql_injection_security_fix_for_version_3_5.html http://www.vupen.com/english/advisories/2008/2205/references https://exchange.xforce.ibmcloud.com/vulnerabilities/4404 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 8%CPEs: 4EXPL: 2CVE-2007-6347 – ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-6347
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inclusión remota de archivo en PHP en blocks/block_site_map.php de ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, y (4) Shop Free 3.3.2 permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro root_folder_path. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/4722 http://osvdb.org/42628 http://secunia.com/advisories/28066 http://www.securityfocus.com/bid/26828 http://www.vupen.com/english/advisories/2007/4207 https://exchange.xforce.ibmcloud.com/vulnerabilities/38993 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5463
https://notcve.org/view.php?id=CVE-2007-5463
ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root. ideal_process.php en el módulo de pago iDEAL de ViArt Shop 3.3 beta y versiones anteriores podría permitir a atacantes remotos obtener el nombre de ruta de un certificado y ficheros de clave mediante una "transacción iDEAL", posiblemente involucrando mensajes de error fopen para ficheros no existentes, asunto diferente de CVE-2007-5364. NOTA: esto podría ser utilizado para leer certificados o ficheros de clave si una instalación sitúa estos ficheros bajo la raíz de documentos web. • http://osvdb.org/40151 http://secunia.com/advisories/27199 http://securityreason.com/securityalert/3233 http://www.securityfocus.com/archive/1/481978/100/0/threaded http://www.securityfocus.com/bid/25998 http://www.viart.com/ideal_process_script_fix_for_release_32_and_33_beta.html https://exchange.xforce.ibmcloud.com/vulnerabilities/37048 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2979
https://notcve.org/view.php?id=CVE-2006-2979
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. • http://secunia.com/advisories/20538 http://securityreason.com/securityalert/1087 http://www.attrition.org/pipermail/vim/2006-June/000846.html http://www.codetosell.com/downloads/xss_fix.zip http://www.securityfocus.com/archive/1/436415/100/0/threaded http://www.securityfocus.com/bid/18369 http://www.vupen.com/english/advisories/2006/2253 https://exchange.xforce.ibmcloud.com/vulnerabilities/27112 •