SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lighthouse_development | squirrelcart | 1.5.5 |
PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lighthouse_development | squirrelcart | 2.2.2 |
| lighthouse_development | squirrelcart | 1.5.5 |
| lighthouse_development | squirrelcart | 1.6 |