GCVE - cpe:2.3:a:netartmedia:car_portal:3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:netartmedia:car_portal:3.0:*:*:*:*:*:*:*

part: a version: 3.0 update: *

Vendor	Netartmedia (`58a3ef90-e69b-54c1-8939-90cfe9ede906`)
Product	Car Portal (`2200a530-bf9c-5adb-bf52-b9d75b513e30`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-6510`	vulnerable	2026-06-03 14:32:34.215534	Details available Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile. Published: 2013-01-24T01:00:00.000Z Updated: 2024-09-16T19:15:37.873Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53267 http://packetstormsecurity.org/files/112226/Car-Portal-CMS-3.0-CSRF-XSS-Shell-Upload.html http://www.vulnerability-lab.com/get_content.php?id=502	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-6509`	vulnerable	2026-06-03 14:32:34.215236	Details available Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg. Published: 2013-01-24T01:00:00.000Z Updated: 2024-09-16T22:01:55.335Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53267 http://packetstormsecurity.org/files/112226/Car-Portal-CMS-3.0-CSRF-XSS-Shell-Upload.html http://www.vulnerability-lab.com/get_content.php?id=502	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-6508`	vulnerable	2026-06-03 14:32:34.214863	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php. Published: 2013-01-24T01:00:00.000Z Updated: 2024-09-16T19:50:56.006Z Open on db.gcve.eu Reference links http://packetstormsecurity.org/files/112226/Car-Portal-CMS-3.0-CSRF-XSS-Shell-Upload.html http://www.vulnerability-lab.com/get_content.php?id=502 http://secunia.com/advisories/49010	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.