Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18477 | 1 Hucart | 1 Hucart | 2021-08-27 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | |||||
| CVE-2020-18475 | 1 Hucart | 1 Hucart | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed. | |||||
| CVE-2020-18476 | 1 Hucart | 1 Hucart | 2021-08-27 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. | |||||
| CVE-2020-18158 | 1 Hucart | 1 Hucart | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. | |||||
| CVE-2019-6249 | 1 Hucart | 1 Hucart | 2019-01-16 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. | |||||
| CVE-2018-19468 | 1 Hucart | 1 Hucart | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | |||||