CVE-2021-32172 – Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
https://notcve.org/view.php?id=CVE-2021-32172
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. Maian Cart versión v3.8, contiene una explotación de ejecución de código remota (RCE) por medio de un problema de control de acceso roto en el plugin Elfinder • https://www.exploit-db.com/exploits/50394 http://packetstormsecurity.com/files/164445/Maian-Cart-3.8-Remote-Code-Execution.html https://dreyand.github.io/maian-cart-rce https://github.com/DreyAnd/maian-cart-rce https://www.maianscriptworld.co.uk • CWE-862: Missing Authorization •
CVE-2008-2212
https://notcve.org/view.php?id=CVE-2008-2212
Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Maian Cart 1.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML mediante los parámetros (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4 y otros no especificados a admin/inc/header.php; (5) msg_script3 y otros no especificados a admin/inc/footer.php; y (6) keywords a index.php en una acción search. • http://securityreason.com/securityalert/3891 http://www.securityfocus.com/archive/1/491581/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-1075
https://notcve.org/view.php?id=CVE-2008-1075
Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php de Maian Cart 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro keywords en un comando de búsqueda. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/29114 http://www.securityfocus.com/bid/28028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •