Skip to main content

Zeuscart

4 CVEs product

Monthly

CVE-2018-25435 MEDIUM POC This Month

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zeuscart
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2015-2182 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.7%.

XSS PHP Zeuscart
NVD Exploit-DB GitHub
CVSS 2.0
4.3
EPSS
10.7%
CVE-2015-2184 MEDIUM POC THREAT This Month

ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

Information Disclosure Zeuscart
NVD Exploit-DB GitHub
CVSS 2.0
5.0
EPSS
11.5%
CVE-2015-2183 HIGH POC This Week

Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zeuscart
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
3.9%
EPSS 0% CVSS 6.9
MEDIUM POC This Month

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zeuscart
NVD Exploit-DB
EPSS 11% CVSS 4.3
MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.7%.

XSS PHP Zeuscart
NVD Exploit-DB GitHub
EPSS 11% CVSS 5.0
MEDIUM POC THREAT This Month

ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

Information Disclosure Zeuscart
NVD Exploit-DB GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zeuscart
NVD Exploit-DB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy