Fishcart

fishcart

Vendor: Fishnet • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-1487 1Fishnet 1Fishcart Apr 16, 2026 May 11, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes...Show more Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliableShow less
CVE-2005-1486 1Fishnet 1Fishcart Apr 16, 2026 May 11, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst paramet...Show more Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.Show less
CVE-2004-0062 1Fishnet 1Fishcart Apr 16, 2026 Feb 17, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.