18 matches found
EUVD-2018-21511
Malware in sbrugna...
EUVD-2020-10091
Malware in sbrugna...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
mini-tp-shop.ch Cross Site Scripting vulnerability OBB-3410277
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
Sql injection
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
CVE-2020-18164
CVE-2020-18164 affects tp-shop 2.x–3.x, with an SQL Injection in the /index.php/home/api/shop fBill parameter. Root cause: unsafely constructed SQL queries exposed via the fBill input. Impact per sources: high severity (NVD CVSS v3.1: 9.8, CRITICAL; v2.0: 7.5, HIGH) with network access and no aut...
cms.mini-tp-shop.ch Cross Site Scripting vulnerability OBB-1331806
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
cms.mini-tp-shop.ch Cross Site Scripting vulnerability OBB-1298537
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
Command injection
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
CVE-2018-9919
CVE-2018-9919 affects Tp-shop 2.0.5–2.0.8 with a web-accessible backdoor that enables SSRF and potential remote code execution. A backdoor in the file path "/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php" uses parameters bddlj (path), down_ur...
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because...
TPshop open source mall system information leakage vulnerability
TPshop open-source mall system Thinkphp shop for short, is a set of Shenzhen Soleil Networks Ltd. developed a set of multi-merchant model of the mall system. TPshop mall system there is an information leakage vulnerability . The vulnerability is due to the system reports an error by throwing an...
Multiple SQL Injection Vulnerabilities in tpshop 2.0
TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . tpshop2.0 there are multiple SQL injection vulnerabilities , the vulnerability stems from tpshop2.0 thinkphp5.0 framework development , ...