Using a specially crafted HTTP request, it is possible to exploit a lack in the validation of the “item_id[0]” and “item_id[]” input parameters of cart.php page. Successful exploitation of the vulnerabilities results in read sensitive data from the database and, in some cases, execute administration operation on the database or issue commands to the operating system. Using a specially crafted HTTP request, it is possible to exploit a lack in the neutralization of multiple pages output which includes the user submitted content. Successful exploitation of the vulnerabilities, results in the execution of arbitrary HTML and script code in the user’s browser in the context of the victim user's session trough a “Reflected XSS”. Using a specially crafted HTTP request, it is possible to redirect the normal browsing of users to a malicious site by modifying untrusted URL input in Referer HTTP header parameter in index.php, cart.php, msg.php and page.php pages. Successful exploitation of the vulnerabilities results in phishing scam, user credential theft, malware dissemination.