Ecommerce Security Vulnerabilities

CVE-2007-0190

PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

CVE-2012-4236

Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CVE-2018-15202

An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products.

CVE-2018-20849

Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI.

CVE-2023-3856

A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Affected by this issue is some unknown functionality of the file /blog-single.php. The manipulation of the argument slug leads to cross site scripting. The attack may be launched remotely. The ide...

CVE-2023-3857

A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. This affects an unknown part of the file /product.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235209 was a...