CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0241

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile38.09th
PublishedNov 23, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.

Affected Platforms (CPE)

πŸ“¦
Qualiteam

X Cart

= 3.2.0
πŸ“¦
Qualiteam

X Cart

= 3.2.1
πŸ“¦
Qualiteam

X Cart

= 3.3.0
πŸ“¦
Qualiteam

X Cart

= 3.3.2
πŸ“¦
Qualiteam

X Cart

= 3.4.0
πŸ“¦
Qualiteam

X Cart

= 3.4.3
πŸ“¦
Qualiteam

X Cart

= 3.4.11

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=107582648326448&w=2
πŸ”— http://www.securityfocus.com/bid/9560
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15034
πŸ”— http://marc.info/?l=bugtraq&m=107582648326448&w=2
πŸ”— http://www.securityfocus.com/bid/9560
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15034

Related Vulnerabilities

CVE-2004-034810.0

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL...

CVE-2006-069710.0

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via uns...

CVE-2000-025310.0

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fiel...

CVE-2006-069810.0

Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors relate...