National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:hucart:hucart:5.7.4
There are 2 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-6249

An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.

Published: January 13, 2019; 10:29:00 AM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-19468

HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.

Published: November 23, 2018; 12:29:03 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH