Filtered by vendor Quickestore Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-3933 1 Quickestore 1 Quickestore 2024-11-21 N/A
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053.
CVE-2006-2053 1 Quickestore 1 Quickestore 2024-11-21 N/A
Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure.