Vulnerabilities (CVE)

Filtered by vendor Viart Subscribe

Filtered by product Viart Shop

Total 7 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2008-6766	1 Viart	1 Viart Shop	2024-11-21	5.0 MEDIUM	N/A
cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests.
CVE-2008-6765	1 Viart	1 Viart Shop	2024-11-21	5.0 MEDIUM	N/A
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.
CVE-2008-6760	1 Viart	1 Viart Shop	2024-11-21	4.3 MEDIUM	N/A
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.
CVE-2008-6759	1 Viart	1 Viart Shop	2024-11-21	4.3 MEDIUM	N/A
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.
CVE-2008-6758	1 Viart	1 Viart Shop	2024-11-21	6.8 MEDIUM	N/A
Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.
CVE-2008-6757	1 Viart	1 Viart Shop	2024-11-21	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter.
CVE-2008-3369	1 Viart	1 Viart Shop	2024-11-21	7.5 HIGH	N/A
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.