This page aggregates publicly disclosed CVE and security risk information related to alan_ward, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2006-6831 | SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. | [email protected] | 7.5 | 0.98% | 2006-12-31 | 2026-04-23 |
| CVE-2006-6111 | Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873. | [email protected] | 7.5 | 1.16% | 2006-11-26 | 2026-04-23 |
| CVE-2006-2948 | A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information. | [email protected] | 5.0 | 0.51% | 2006-06-12 | 2026-04-16 |
| CVE-2005-4064 | Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp. | [email protected] | 7.5 | 1.22% | 2005-12-07 | 2026-04-16 |
| CVE-2004-1873 | SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. | [email protected] | 7.5 | 2.82% | 2004-12-31 | 2026-04-16 |
| CVE-2004-1874 | Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. | [email protected] | 4.3 | 0.44% | 2004-03-29 | 2026-04-16 |