CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
97.5%
Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
Vendor | Product | Version | CPE |
---|---|---|---|
wahm_e-commerce | pie_cart_pro | * | cpe:2.3:a:wahm_e-commerce:pie_cart_pro:*:*:*:*:*:*:*:* |
secunia.com/advisories/22131
www.osvdb.org/29198
www.osvdb.org/29199
www.osvdb.org/29200
www.osvdb.org/29201
www.osvdb.org/29202
www.osvdb.org/29203
www.osvdb.org/29204
www.osvdb.org/29205
www.osvdb.org/29206
www.osvdb.org/29207
www.osvdb.org/29208
www.osvdb.org/29209
www.osvdb.org/29210
www.osvdb.org/29211
www.osvdb.org/29212
www.osvdb.org/29213
www.osvdb.org/29214
www.securityfocus.com/bid/20099
www.vupen.com/english/advisories/2006/3798
exchange.xforce.ibmcloud.com/vulnerabilities/29023
www.exploit-db.com/exploits/2393