Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload...
CVSS 7.2, AI Score 7.3, EPSS 0.001
Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload...
CVSS 7.2, AI Score 7.3, EPSS 0.001
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
CVSS 7.2, AI Score 7.2, EPSS 0.001
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
CVSS 9.8, AI Score 9.7, EPSS 0.001
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
CVSS 7.2, AI Score 7.2, EPSS 0.001
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
CVSS 7.2, AI Score 7.2, EPSS 0.001
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and....
AI Score 6, EPSS 0.013
Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID...
AI Score 5.9, EPSS 0.001
SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process...
AI Score 8.7, EPSS 0.003
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php...
CVSS 9.8, AI Score 9.7, EPSS 0.002
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php...
CVSS 9.8, AI Score 9.7, EPSS 0.002
CVSS 7.2, AI Score 7.4, EPSS 0.001
CVSS 7.2, AI Score 7.3, EPSS 0.001
CVSS 7.2, AI Score 7.3, EPSS 0.001
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at...
CVSS 9.1, AI Score 9.3, EPSS 0.001
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at...
CVSS 9.8, AI Score 10, EPSS 0.002
Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name...
CVSS 4.8, AI Score 5.1, EPSS 0.001
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to...
CVSS 8.1, AI Score 7.9, EPSS 0.001
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to...
CVSS 8.1, AI Score 7.9, EPSS 0.001
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR (Broken Access Control), allowing attackers to change the admin password (vertical privilege...
CVSS 9.8, AI Score 9.4, EPSS 0.004
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal...
CVSS 5.4, AI Score 5.5, EPSS 0.001
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL injection vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege...
CVSS 9.8, AI Score 9.8, EPSS 0.001
CVSS 8.8, AI Score 9, EPSS 0.001
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product,...
CVSS 5.4, AI Score 5.2, EPSS 0.001
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass...
CVSS 9.8, AI Score 10, EPSS 0.134
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in...
CVSS 7.5, AI Score 7.3, EPSS 0.007
CVSS 4.9, AI Score 5.1, EPSS 0.001
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username...
CVSS 7.5, AI Score 7.8, EPSS 0.002
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if...
CVSS 9.8, AI Score 9.5, EPSS 0.005
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2)...
CVSS 9.8, AI Score 9.9, EPSS 0.003
An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node...
CVSS 9.8, AI Score 9.8, EPSS 0.002
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVSS 4.8, AI Score 4.7, EPSS 0.001
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the...
CVSS 9.8, AI Score 9.7, EPSS 0.003
The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting...
CVSS 6.1, AI Score 6.1, EPSS 0.001
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
CVSS 6.1, AI Score 6, EPSS 0.001
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill...
CVSS 9.8, AI Score 9.8, EPSS 0.002
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables...
CVSS 9.8, AI Score 9.4, EPSS 0.02
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
CVSS 9.8, AI Score 9.9, EPSS 0.004
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s...
CVSS 9.8, AI Score 9.8, EPSS 0.016
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id...
CVSS 4.3, AI Score 4.5, EPSS 0.003
CVSS 9.8, AI Score 9.8, EPSS 0.002
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname...
CVSS 5.4, AI Score 5.1, EPSS 0.001
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in...
CVSS 6.1, AI Score 6.8, EPSS 0.016
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...
CVSS 9.8, AI Score 9.6, EPSS 0.022
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
CVSS 7.4, AI Score 6.9, EPSS 0.001
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability.....
CVSS 6.1, AI Score 6, EPSS 0.001
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
CVSS 9.8, AI Score 9.2, EPSS 0.007
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create...
CVSS 9.8, AI Score 9.9, EPSS 0.004
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF...
CVSS 7.8, AI Score 7.5, EPSS 0.004
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to...
CVSS 7.5, AI Score 7.8, EPSS 0.019