Lucene search

Shopwind Security Vulnerabilities

cve

CVE-2022-30057

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.

5.4CVSS

5.3AI Score

0.001EPSS

2022-05-11 06:15 PM

cve

CVE-2022-30058

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.

5.3CVSS

5.3AI Score

0.001EPSS

2022-05-11 06:15 PM

cve

CVE-2022-30059

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.

6.5CVSS

6.4AI Score

0.001EPSS

2022-05-11 06:15 PM

cve

CVE-2022-30452

ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php

7.2CVSS

7AI Score

0.001EPSS

2022-05-11 06:15 PM

cve

CVE-2022-30453

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php

9.8CVSS

9.4AI Score

0.003EPSS

2022-05-11 06:15 PM

cve

CVE-2022-43321

Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.

6.1CVSS

6AI Score

0.001EPSS

2022-11-09 02:15 PM

cve

CVE-2024-1705

A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. T...

5.6CVSS

6AI Score

0.0004EPSS

2024-02-21 06:15 PM