CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-0241

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile38.09th
Published2004年11月23日
Last Modified2026年4月16日

Vulnerability Description

X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.

Affected Platforms (CPE)

📦
Qualiteam

X Cart

= 3.2.0
📦
Qualiteam

X Cart

= 3.2.1
📦
Qualiteam

X Cart

= 3.3.0
📦
Qualiteam

X Cart

= 3.3.2
📦
Qualiteam

X Cart

= 3.4.0
📦
Qualiteam

X Cart

= 3.4.3
📦
Qualiteam

X Cart

= 3.4.11

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=107582648326448&w=2
🔗 http://www.securityfocus.com/bid/9560
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15034
🔗 http://marc.info/?l=bugtraq&m=107582648326448&w=2
🔗 http://www.securityfocus.com/bid/9560
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15034

関連する脆弱性情報

CVE-2004-034810.0

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL...

CVE-2006-069710.0

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via uns...

CVE-2000-025310.0

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fiel...

CVE-2006-069810.0

Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors relate...