The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcmurtrey_whitaker_and_associates | cart32 | * |

A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcmurtrey_whitaker_and_associates | cart32 | 3.0 |
| mcmurtrey_whitaker_and_associates | cart32 | 2.6 |

Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcmurtrey_whitaker_and_associates | cart32 | 3.0 |

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcmurtrey_whitaker_and_associates | cart32 | 3.0 |
| mcmurtrey_whitaker_and_associates | cart32 | 3.5_build619 |
| mcmurtrey_whitaker_and_associates | cart32 | 3.5a_build710 |
| mcmurtrey_whitaker_and_associates | cart32 | 3.5 |
| mcmurtrey_whitaker_and_associates | cart32 | 3.1 |
| mcmurtrey_whitaker_and_associates | cart32 | 2.5a |
| mcmurtrey_whitaker_and_associates | cart32 | 5.0 |
| mcmurtrey_whitaker_and_associates | cart32 | 2.6 |
| mcmurtrey_whitaker_and_associates | cart32 | 4.4 |
| mcmurtrey_whitaker_and_associates | cart32 | 3.5a |