Browse all 17 CVE security advisories affecting sunshinephotocart. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sunshinephotocart is an e-commerce shopping cart solution designed for photographers to sell digital images and prints online. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, SQL injection, and privilege escalation vulnerabilities. The application's 17 recorded CVEs highlight consistent security flaws, particularly in input validation and access control. Notable incidents include multiple RCE vulnerabilities allowing attackers to execute arbitrary code on server systems, and persistent XSS issues enabling client-side script injection. These vulnerabilities often stem from insufficient sanitization of user inputs and inadequate protection against unauthorized access, posing significant risks to both store operators and their customers.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5482 | Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation — Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for PhotographersCWE-620 | 8.8 | High | 2025-06-04 |
| CVE-2024-1294 | Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice — Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for PhotographersCWE-284 | 5.3 | Medium | 2024-02-20 |
| CVE-2021-4415 | Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass — Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for PhotographersCWE-352 | 4.3 | Medium | 2023-07-12 |
This page lists every published CVE security advisory associated with sunshinephotocart. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.