CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6757 – ViArt Shop 3.5 - 'manuals_search.php?manuals_search' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6757
Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manuals_search.php en ViArt Shop (alias Shopping Cart) v3.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro manuals_search. • https://www.exploit-db.com/exploits/32685 http://secunia.com/advisories/33340 http://www.osvdb.org/53284 http://www.securityfocus.com/archive/1/499625/100/0/threaded http://www.securityfocus.com/bid/33043 http://www.securitytracker.com/id?1021497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 2CVE-2008-3369 – ViArt Shop 3.5 - 'category_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3369
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. Vulnerabilidad de inyección SQL en products_rss.php en ViArt Shop 3.5 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "category_id". • https://www.exploit-db.com/exploits/6154 http://secunia.com/advisories/31275 http://securityreason.com/securityalert/4065 http://www.gulftech.org/?node=research&article_id=00118-07292008 http://www.securityfocus.com/archive/1/494839/100/0/threaded http://www.securityfocus.com/bid/30409 http://www.viart.com/another_critical_sql_injection_security_fix_for_version_3_5.html http://www.vupen.com/english/advisories/2008/2205/references https://exchange.xforce.ibmcloud.com/vulnerabilities/4404 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2980
https://notcve.org/view.php?id=CVE-2006-2980
SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. • http://www.attrition.org/pipermail/vim/2006-June/000846.html http://www.codetosell.com/downloads/xss_fix.zip https://exchange.xforce.ibmcloud.com/vulnerabilities/27684 •