Online Shop Security Vulnerabilities

CVE-2024-5894

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

7.3 CVSS, 7 AI Score, 0.0004 EPSS

2024-06-12 03:15 PM

CVE-2023-2244

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to...

9.8 CVSS, 9.7 AI Score, 0.002 EPSS

2023-04-22 05:15 PM

CVE-2023-27777

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted...

5.4 CVSS, 5.5 AI Score, 0.0005 EPSS

2023-04-19 01:15 PM

CVE-2023-27776

A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name...

5.4 CVSS, 5.2 AI Score, 0.001 EPSS

2023-04-19 12:15 PM

CVE-2023-1969

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be...

9.8 CVSS, 9.7 AI Score, 0.002 EPSS

2023-04-10 04:15 PM

CVE-2023-1042

A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1">alert(1111) leads to cross site scriptin...

6.1 CVSS, 6 AI Score, 0.001 EPSS

2023-02-26 01:15 PM

CVE-2023-0966

A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched...

8.8 CVSS, 8.3 AI Score, 0.001 EPSS

2023-02-22 08:15 PM

CVE-2023-0732

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument...

6.1 CVSS, 6 AI Score, 0.001 EPSS

2023-02-07 08:15 PM

CVE-2023-0686

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql...

9.8 CVSS, 9.7 AI Score, 0.002 EPSS

2023-02-06 08:15 PM

CVE-2023-0673

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The....

8.1 CVSS, 8.3 AI Score, 0.002 EPSS

2023-02-04 08:15 AM

CVE-2022-39977

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload...

7.2 CVSS, 7.3 AI Score, 0.001 EPSS

2022-10-27 08:15 PM

CVE-2022-39978

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload...

7.2 CVSS, 7.3 AI Score, 0.001 EPSS

2022-10-27 08:15 PM

CVE-2022-41407

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS, 7.2 AI Score, 0.001 EPSS

2022-10-12 12:15 AM

CVE-2022-41408

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

9.8 CVSS, 9.7 AI Score, 0.001 EPSS

2022-10-12 12:15 AM

CVE-2022-41377

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS, 7.2 AI Score, 0.001 EPSS

2022-10-07 07:15 PM

CVE-2022-41378

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS, 7.2 AI Score, 0.001 EPSS

2022-10-07 07:15 PM

CVE-2022-40935

Online Pet Shop We App v1.0 is vulnerable to SQL Injection via...

7.2 CVSS, 7.4 AI Score, 0.001 EPSS

2022-09-22 05:15 PM

CVE-2022-40934

Online Pet Shop We App v1.0 is vulnerable to SQL injection via...

7.2 CVSS, 7.3 AI Score, 0.001 EPSS

2022-09-22 05:15 PM

CVE-2022-40933

Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via...

7.2 CVSS, 7.3 AI Score, 0.001 EPSS

2022-09-22 05:15 PM

CVE-2021-35458

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s...

9.8 CVSS, 9.8 AI Score, 0.016 EPSS

2021-07-30 02:15 PM

CVE-2021-35456

Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell...

9.8 CVSS, 9.8 AI Score, 0.002 EPSS

2021-06-28 03:15 PM

CVE-2020-13911

Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname...

5.4 CVSS, 5.1 AI Score, 0.001 EPSS

2020-06-09 07:15 PM

CVE-2018-0622

The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

7.4 CVSS, 6.9 AI Score, 0.001 EPSS

2018-07-26 05:29 PM

CVE-2014-6618

Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id...

5.8 AI Score, 0.003 EPSS

2014-09-30 04:55 PM

CVE-2012-2935

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than...

5.8 AI Score, 0.008 EPSS

2012-05-27 07:55 PM

CVE-2012-1059

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt...

5.8 AI Score, 0.008 EPSS

2012-02-14 12:55 AM

CVE-2010-4844

SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat...

8.7 AI Score, 0.001 EPSS

2011-09-27 10:55 AM

CVE-2006-5534

Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. NOTE: some of these details are obtained from third....

6.1 AI Score, 0.003 EPSS

2006-10-26 05:07 PM

CVE-2006-5512

Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat...

6 AI Score, 0.005 EPSS

2006-10-25 10:07 PM

CVE-2001-1014

eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite...

7.7 AI Score, 0.291 EPSS

2002-02-02 05:00 AM