Shop Security Vulnerabilities

CVE-2022-39977

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload...

CVSS: 7.2

AI Score: 7.3

EPSS: 0.001

2022-10-27 08:15 PM

CVE-2022-39978

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload...

CVSS: 7.2

AI Score: 7.3

EPSS: 0.001

2022-10-27 08:15 PM

CVE-2022-41407

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS: 7.2

AI Score: 7.2

EPSS: 0.001

2022-10-12 12:15 AM

CVE-2022-41408

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.001

2022-10-12 12:15 AM

CVE-2022-41377

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS: 7.2

AI Score: 7.2

EPSS: 0.001

2022-10-07 07:15 PM

CVE-2022-41378

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS: 7.2

AI Score: 7.2

EPSS: 0.001

2022-10-07 07:15 PM

CVE-2005-1440

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and....

AI Score: 6

EPSS: 0.013

2022-10-03 04:22 PM

CVE-2014-4302

Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID...

AI Score: 5.9

EPSS: 0.001

2022-10-03 04:20 PM

CVE-2012-5317

SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process...

AI Score: 8.7

EPSS: 0.003

2022-10-03 04:15 PM

CVE-2022-40943

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.002

2022-09-30 07:15 PM

CVE-2022-40944

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.002

2022-09-30 06:15 PM

CVE-2022-40935

Online Pet Shop We App v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2

AI Score: 7.4

EPSS: 0.001

2022-09-22 05:15 PM

CVE-2022-40934

Online Pet Shop We App v1.0 is vulnerable to SQL injection via...

CVSS: 7.2

AI Score: 7.3

EPSS: 0.001

2022-09-22 05:15 PM

CVE-2022-40933

Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via...

CVSS: 7.2

AI Score: 7.3

EPSS: 0.001

2022-09-22 05:15 PM

CVE-2022-36793

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at...

CVSS: 9.1

AI Score: 9.3

EPSS: 0.001

2022-09-09 03:15 PM

CVE-2022-34972

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at...

CVSS: 9.8

AI Score: 10

EPSS: 0.002

2022-07-05 08:15 PM

CVE-2022-32987

Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name...

CVSS: 4.8

AI Score: 5.1

EPSS: 0.001

2022-06-23 07:15 PM

CVE-2021-46820

Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to...

CVSS: 8.1

AI Score: 7.9

EPSS: 0.001

2022-06-16 09:15 PM

CVE-2021-37764

Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to...

CVSS: 8.1

AI Score: 7.9

EPSS: 0.001

2022-06-16 09:15 PM

CVE-2022-30495

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege...

CVSS: 9.8

AI Score: 9.4

EPSS: 0.004

2022-05-26 05:15 PM

CVE-2022-30494

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal...

CVSS: 5.4

AI Score: 5.5

EPSS: 0.001

2022-05-26 05:15 PM

CVE-2022-30493

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.001

2022-05-26 05:15 PM

CVE-2022-30463

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via...

CVSS: 8.8

AI Score: 9

EPSS: 0.001

2022-05-24 02:15 PM

CVE-2022-30458

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product,...

CVSS: 5.4

AI Score: 5.2

EPSS: 0.001

2022-05-24 02:15 PM

CVE-2022-29007

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass...

CVSS: 9.8

AI Score: 10

EPSS: 0.134

2022-05-11 02:15 PM

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in...

CVSS: 7.5

AI Score: 7.3

EPSS: 0.007

2022-04-25 04:16 PM

CVE-2022-28063

Simple Bakery Shop Management System v1.0 contains a file disclosure via...

CVSS: 4.9

AI Score: 5.1

EPSS: 0.001

2022-04-04 02:15 PM

CVE-2022-25393

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username...

CVSS: 7.5

AI Score: 7.8

EPSS: 0.002

2022-03-02 11:15 PM

CVE-2020-36062

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if...

CVSS: 9.8

AI Score: 9.5

EPSS: 0.005

2022-02-11 04:15 PM

CVE-2020-25905

An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2)...

CVSS: 9.8

AI Score: 9.9

EPSS: 0.003

2022-01-28 04:15 PM

CVE-2021-46061

An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.002

2022-01-20 08:15 PM

CVE-2021-24811

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS: 4.8

AI Score: 4.7

EPSS: 0.001

2021-11-29 09:15 AM

CVE-2021-36560

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.003

2021-11-02 10:15 AM

CVE-2021-24679

The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting...

CVSS: 6.1

AI Score: 6.1

EPSS: 0.001

2021-10-04 12:15 PM

CVE-2021-38340

The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2021-09-10 02:15 PM

CVE-2020-18164

SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.002

2021-08-17 08:15 PM

CVE-2021-36623

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables...

CVSS: 9.8

AI Score: 9.4

EPSS: 0.02

2021-08-03 06:15 PM

CVE-2021-36624

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...

CVSS: 9.8

AI Score: 9.9

EPSS: 0.004

2021-07-30 02:15 PM

CVE-2021-35458

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.016

2021-07-30 02:15 PM

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id...

CVSS: 4.3

AI Score: 4.5

EPSS: 0.003

2021-07-01 02:15 PM

CVE-2021-35456

Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.002

2021-06-28 03:15 PM

CVE-2020-13911

Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname...

CVSS: 5.4

AI Score: 5.1

EPSS: 0.001

2020-06-09 07:15 PM

CVE-2020-5308

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in...

CVSS: 6.1

AI Score: 6.8

EPSS: 0.016

2020-01-09 01:15 PM

CVE-2020-5307

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...

CVSS: 9.8

AI Score: 9.6

EPSS: 0.022

2020-01-07 07:15 PM

CVE-2018-0622

The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CVSS: 7.4

AI Score: 6.9

EPSS: 0.001

2018-07-26 05:29 PM

CVE-2018-13001

An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability.....

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2018-06-29 02:29 PM

CVE-2018-9919

A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...

CVSS: 9.8

AI Score: 9.2

EPSS: 0.007

2018-05-02 09:29 PM

CVE-2017-15965

The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create...

CVSS: 9.8

AI Score: 9.9

EPSS: 0.004

2017-10-29 06:29 AM

CVE-2014-8393

DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF...

CVSS: 7.8

AI Score: 7.5

EPSS: 0.004

2017-08-29 01:35 AM

CVE-2015-5468

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to...

CVSS: 7.5

AI Score: 7.8

EPSS: 0.019

2017-05-23 04:29 AM

Total number of security vulnerabilities: 204