Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Midicart Software Subscribe

Filtered by product Midicart Php Shopping Cart

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2006-6463	1 Midicart Software	1 Midicart Php Shopping Cart	2018-10-17	6.5 MEDIUM	N/A
Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.
CVE-2006-6464	1 Midicart Software	1 Midicart Php Shopping Cart	2018-10-17	5.0 MEDIUM	N/A
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
CVE-2005-1501	1 Midicart Software	1 Midicart Php Shopping Cart	2017-07-10	7.5 HIGH	N/A
MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.
CVE-2005-1502	1 Midicart Software	1 Midicart Php Shopping Cart	2017-07-10	6.8 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
CVE-2005-1503	1 Midicart Software	1 Midicart Php Shopping Cart	2017-07-10	7.5 HIGH	N/A
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.
CVE-2005-2601	1 Midicart Software	1 Midicart Php Shopping Cart	2008-09-05	7.5 HIGH	N/A
SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.