Filtered by vendor Cactusoft Subscriptions
Filtered by product Cactushop Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-3061 1 Cactusoft 1 Cactushop 2024-11-21 N/A
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
CVE-2006-5991 1 Cactusoft 1 Cactushop 2024-11-21 N/A
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
CVE-2004-1882 1 Cactusoft 1 Cactushop 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.
CVE-2004-1881 1 Cactusoft 1 Cactushop 2024-11-21 N/A
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.