Lucene search

Web+ Shop Security Vulnerabilities

cve

CVE-2022-40935

Online Pet Shop We App v1.0 is vulnerable to SQL Injection via...

7.2CVSS

7.4AI Score

0.001EPSS

2022-09-22 05:15 PM

cve

CVE-2022-40934

Online Pet Shop We App v1.0 is vulnerable to SQL injection via...

7.2CVSS

7.3AI Score

0.001EPSS

2022-09-22 05:15 PM

cve

CVE-2022-40933

Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via...

7.2CVSS

7.3AI Score

0.001EPSS

2022-09-22 05:15 PM

cve

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in...

7.5CVSS

7.3AI Score

0.007EPSS

2022-04-25 04:16 PM

cve

CVE-2021-35456

Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell...

9.8CVSS

9.8AI Score

0.002EPSS

2021-06-28 03:15 PM

cve

CVE-2012-6506

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in...

5.9AI Score

0.008EPSS

2013-01-24 01:55 AM

cve

CVE-2012-4033

Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack...

7.1AI Score

0.003EPSS

2012-07-18 06:55 PM

cve

CVE-2007-2532

Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than...

5.7AI Score

0.007EPSS

2007-05-09 12:19 AM

cve

CVE-2006-6735

modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this...

6.7AI Score

0.003EPSS

2006-12-26 11:28 PM

cve

CVE-2006-6734

Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname...

5.6AI Score

0.006EPSS

2006-12-26 11:28 PM

cve

CVE-2006-1897

Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a...

6.5AI Score

0.009EPSS

2006-04-20 10:02 AM

cve

CVE-2006-1682

Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml...

5.8AI Score

0.008EPSS

2006-04-11 12:02 AM

cve

CVE-2002-1461

Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search...

8AI Score

0.038EPSS

2003-06-09 04:00 AM