) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:hucart:hucart:5.7.4
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-18477 |
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. Published: August 26, 2021; 2:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-18476 |
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. Published: August 26, 2021; 2:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-18475 |
Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed. Published: August 26, 2021; 2:15:07 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-18158 |
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. Published: July 30, 2021; 10:15:13 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-6249 |
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. Published: January 13, 2019; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-19468 |
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. Published: November 23, 2018; 12:29:03 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |