ZeusCart/zeuscart

ZeusCart/zeuscart

Releases0

Stars42

ZeusCart - PHP - MySQL Based Open Source Shopping Cart - Resposnive Design - GPL License

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2014-3868 ↗	Jan 31, 2020Friday, 31 January 2020, 22:15	8.8 HIGH	6.5 MEDIUM
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
CVE-2015-2182 ↗	Mar 11, 2015Wednesday, 11 March 2015, 14:59	—	4.3 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.
CVE-2010-5322 ↗	Mar 11, 2015Wednesday, 11 March 2015, 14:59	—	4.3 MEDIUM
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
CVE-2015-2184 ↗	Mar 10, 2015Tuesday, 10 March 2015, 14:59	—	5 MEDIUM
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.
CVE-2015-2183 ↗	Mar 10, 2015Tuesday, 10 March 2015, 14:59	—	7.5 HIGH
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/.