Comdev: >> Comdev Ecommerce Security Vulnerabilities
PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2007-06-06
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter.
CVSS Score
5.0
EPSS Score
0.031
Published
2005-08-10
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-08-10
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-07-05