18 matches found
EUVD-2018-21511
Malware in sbrugna...
EUVD-2020-10091
Malware in sbrugna...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
mini-tp-shop.ch Cross Site Scripting vulnerability OBB-3410277
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
Sql injection
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
CVE-2020-18164
CVE-2020-18164 affects tp-shop 2.x–3.x, with an SQL Injection in the /index.php/home/api/shop fBill parameter. Root cause: unsafely constructed SQL queries exposed via the fBill input. Impact per sources: high severity (NVD CVSS v3.1: 9.8, CRITICAL; v2.0: 7.5, HIGH) with network access and no aut...
cms.mini-tp-shop.ch Cross Site Scripting vulnerability OBB-1331806
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
cms.mini-tp-shop.ch Cross Site Scripting vulnerability OBB-1298537
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
Command injection
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
CVE-2018-9919
CVE-2018-9919 affects Tp-shop 2.0.5–2.0.8 with a web-accessible backdoor that enables SSRF and potential remote code execution. A backdoor in the file path "/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php" uses parameters bddlj (path), down_ur...
TPshop open source mall system information leakage vulnerability
TPshop open-source mall system Thinkphp shop for short, is a set of Shenzhen Soleil Networks Ltd. developed a set of multi-merchant model of the mall system. TPshop mall system there is an information leakage vulnerability . The vulnerability is due to the system reports an error by throwing an...
Multiple SQL Injection Vulnerabilities in tpshop 2.0
TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . tpshop2.0 there are multiple SQL injection vulnerabilities , the vulnerability stems from tpshop2.0 thinkphp5.0 framework development , ...