Shop Security Vulnerabilities
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
7.3CVSS
7AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through...
8.6CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit....
7.3CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync ā Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync ā Integrate Square and WooCommerce for Seamless Shop...
7.1CVSS
9.3AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and...
9.8CVSS
9.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in FrƩdƩric Sheedy Etsy Shop plugin <= 3.0.3...
8.8CVSS
8.7AI Score
0.001EPSS
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
6.4CVSS
5.2AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field...
5.4CVSS
5.4AI Score
0.001EPSS
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password...
7.5CVSS
8AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. This issue affects some unknown processing of the component Manage Details Page. The manipulation of the argument name/phone/address leads to cross site scripting. The attack may be...
5.4CVSS
5.2AI Score
0.001EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure...
9.8CVSS
9.3AI Score
0.002EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za...
5.4CVSS
5.4AI Score
0.0005EPSS
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to...
5.3CVSS
5.2AI Score
0.001EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API.....
5.4CVSS
5.5AI Score
0.0005EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery...
8.8CVSS
8.6AI Score
0.001EPSS
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via...
9.1CVSS
9.1AI Score
0.001EPSS
The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated...
9.8CVSS
9.6AI Score
0.002EPSS
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to...
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The....
6.1CVSS
6AI Score
0.002EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/manage_sale.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has...
7.5CVSS
7.8AI Score
0.002EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/products/manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit....
7.5CVSS
7.8AI Score
0.002EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit.....
7.5CVSS
7.8AI Score
0.002EPSS
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
9.8CVSS
9.7AI Score
0.006EPSS
A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The....
7.5CVSS
7.8AI Score
0.002EPSS
A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/categories/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched...
7.5CVSS
7.8AI Score
0.002EPSS
A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has....
7.5CVSS
7.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted...
5.4CVSS
5.5AI Score
0.0005EPSS
A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name...
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be...
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads.....
9.8CVSS
9.6AI Score
0.002EPSS
A vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has...
7.2CVSS
7.2AI Score
0.001EPSS
A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross.....
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1">alert(1111) leads to cross site scriptin...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched...
8.8CVSS
8.3AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql...
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The....
8.1CVSS
8.3AI Score
0.002EPSS
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
7.2CVSS
7.2AI Score
0.001EPSS
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
7.2CVSS
7.2AI Score
0.001EPSS
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
7.2CVSS
7.2AI Score
0.001EPSS
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...
7.2CVSS
7.2AI Score
0.001EPSS
6.5CVSS
6.4AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.1AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS