Vulnerabilities for 'Alegrocart'

2011-09-23
 
CVE-2011-3701

CWE-200
 

 
AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files.

 
2010-04-29
 
CVE-2010-1611

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.

 


Copyright 2017, cxsecurity.com