Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Shoppingtree Subscribe
Filtered by product Candypress Store
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0736 1 Shoppingtree 1 Candypress Store 2018-10-15 5.0 MEDIUM N/A
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
CVE-2008-0737 1 Shoppingtree 1 Candypress Store 2018-10-15 7.5 HIGH N/A
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.
CVE-2008-0546 1 Shoppingtree 1 Candypress Store 2018-10-15 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp.
CVE-2008-0547 1 Shoppingtree 1 Candypress Store 2018-10-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter.
CVE-2008-0738 1 Shoppingtree 1 Candypress Store 2009-08-19 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0739 1 Shoppingtree 1 Candypress Store 2009-08-19 7.5 HIGH N/A
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.