CVE-2008-6765

ViArt Shop 3.5 - Unauthenticated Arbitrary Shopping Cart Access via cart_name Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6765. PoCs published by Xia Shing Zee.

AI-analyzed exploit summary This writeup describes multiple vulnerabilities in ViArt Shopping Cart v3.5, including full path disclosure, information disclosure, and arbitrary code injection via XSS. It provides detailed steps for exploitation but does not include executable exploit code.

Description

ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Xia Shing Zee · textwebappsphp
https://www.exploit-db.com/exploits/7628

This writeup describes multiple vulnerabilities in ViArt Shopping Cart v3.5, including full path disclosure, information disclosure, and arbitrary code injection via XSS. It provides detailed steps for exploitation but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ViArt Shopping Cart v3.5
No auth needed
Prerequisites: Access to the target application · Ability to craft malicious URLs
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499625/100/0/threaded
Exploit vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021497
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33043

Scores

EPSS 0.0243
EPSS Percentile 82.1%

Details

Status published
Products (1)
viart/viart_shop 3.5
Published Apr 28, 2009
Tracked Since Feb 18, 2026