Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through...
8.6CVSS
7.1AI Score
0.0004EPSS
A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit....
7.3CVSS
7.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop...
7.1CVSS
7.4AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and...
9.8CVSS
7.9AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3...
8.8CVSS
7.7AI Score
0.001EPSS
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
5.4CVSS
6.7AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. This issue affects some unknown processing of the component Manage Details Page. The manipulation of the argument name/phone/address leads to cross site scripting. The attack may be...
5.4CVSS
5.3AI Score
0.001EPSS
The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated...
9.8CVSS
9.6AI Score
0.001EPSS
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The....
6.1CVSS
6AI Score
0.002EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/manage_sale.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has...
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/products/manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit....
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit.....
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
9.8CVSS
9.8AI Score
0.004EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The....
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/categories/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched...
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has....
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be...
9.8CVSS
9.8AI Score
0.002EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads.....
9.8CVSS
9.6AI Score
0.002EPSS
A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross.....
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1">alert(1111) leads to cross site scriptin...
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched...
8.8CVSS
8.4AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument...
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql...
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The....
8.1CVSS
9.7AI Score
0.002EPSS
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at...
9.1CVSS
9.3AI Score
0.001EPSS
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
4.7AI Score
0.001EPSS
The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting...
6.1CVSS
6.1AI Score
0.001EPSS
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
6.1CVSS
6AI Score
0.001EPSS
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill...
9.8CVSS
8.8AI Score
0.002EPSS
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
7.4CVSS
6.9AI Score
0.001EPSS
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
9.8CVSS
6.9AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to...
6.2AI Score
0.002EPSS
PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf...
7.8AI Score
0.011EPSS
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news...
9.3AI Score
0.001EPSS
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub...
7.3AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w...
6.3AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product...
9.3AI Score
0.001EPSS
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s...
9.3AI Score
0.001EPSS
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency...
9.3AI Score
0.001EPSS
SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to...
8.8AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys...
6.4AI Score
0.002EPSS
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid...
9.3AI Score
0.001EPSS
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page...
7.5AI Score
0.014EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket...
6.4AI Score
0.002EPSS
ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE:.....
7AI Score
0.006EPSS
Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2)...
8AI Score
0.007EPSS
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin...
7AI Score
0.013EPSS
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified...
9.5AI Score
0.001EPSS
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles...
7.7AI Score
0.004EPSS