CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2579

SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.7%

CVSS Severity

CVSS v2 Score 6.5

References

Products affected by CVE-2009-2579

Cs-Cart » Cs-Cart » Version: .1.3.0

cpe:2.3:a:cs-cart:cs-cart:.1.3.0
Cs-Cart » Cs-Cart » Version: .1.3.2

cpe:2.3:a:cs-cart:cs-cart:.1.3.2
Cs-Cart » Cs-Cart » Version: .1.3.3

cpe:2.3:a:cs-cart:cs-cart:.1.3.3
Cs-Cart » Cs-Cart » Version: .1.3.4

cpe:2.3:a:cs-cart:cs-cart:.1.3.4
Cs-Cart » Cs-Cart » Version: 1.1

cpe:2.3:a:cs-cart:cs-cart:1.1
Cs-Cart » Cs-Cart » Version: 1.2

cpe:2.3:a:cs-cart:cs-cart:1.2
Cs-Cart » Cs-Cart » Version: 1.3.0

cpe:2.3:a:cs-cart:cs-cart:1.3.0
Cs-Cart » Cs-Cart » Version: 1.3.2

cpe:2.3:a:cs-cart:cs-cart:1.3.2
Cs-Cart » Cs-Cart » Version: 1.3.3

cpe:2.3:a:cs-cart:cs-cart:1.3.3
Cs-Cart » Cs-Cart » Version: 1.3.4

cpe:2.3:a:cs-cart:cs-cart:1.3.4
Cs-Cart » Cs-Cart » Version: 1.3.5

cpe:2.3:a:cs-cart:cs-cart:1.3.5
Cs-Cart » Cs-Cart » Version: 1.3.5sp2

cpe:2.3:a:cs-cart:cs-cart:1.3.5sp2
Cs-Cart » Cs-Cart » Version: 1.3.5sp3

cpe:2.3:a:cs-cart:cs-cart:1.3.5sp3
Cs-Cart » Cs-Cart » Version: 2.0

cpe:2.3:a:cs-cart:cs-cart:2.0
Cs-Cart » Cs-Cart » Version: 2.0.4

cpe:2.3:a:cs-cart:cs-cart:2.0.4
Cs-Cart » Cs-Cart » Version: 2.0.5

cpe:2.3:a:cs-cart:cs-cart:2.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2579

Products

Pricing

Contact Us