Dragonfrugal : Security Vulnerabilities, CVEs,

CVE-2007-5098

Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.
Max CVSS
6.8
EPSS Score
30.44%
Published
2007-09-26
Updated
2017-09-29

CVE-2007-5136

Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.21%
Published
2007-09-28
Updated
2011-03-08

CVE-2010-1541

Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.
Max CVSS
4.3
EPSS Score
0.17%
Published
2010-04-26
Updated
2010-04-27

CVE-2010-1542

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.
Max CVSS
6.8
EPSS Score
0.10%
Published
2010-04-26
Updated
2010-04-27
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close