CVE-2007-3061
- EPSS 6.19%
- Veröffentlicht 06.06.2007 01:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
CVE-2006-5991
- EPSS 1.14%
- Veröffentlicht 21.11.2006 02:07:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
CVE-2004-1881
- EPSS 1.5%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.
CVE-2004-1882
- EPSS 9.31%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.