6 matches found
CVE-2021-41672
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database...
CVE-2021-41672
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database...
Sql injection
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database...
CVE-2021-41672
Affected product: PEEL Shopping CMS 9.4.0. Vulnerability: Authenticated SQL injection in utilisateurs.php. A user in the Administrator group can inject malicious SQL to influence application logic and retrieve data from the database. This is documented across multiple sources (NVD/Red Hat/CNVD) i...
Cross site request forgery (csrf)
Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user...
CVE-2019-20178
Advisto PEEL Shopping 9.2.1 is affected by a Cross-Site Request Forgery (CSRF) via administrer/utilisateurs.php that can be used to delete a user. The issue is described across multiple sources (e.g., NVD entry CVE-2019-20178 and Red Hat/CVE mirrors) as a CSRF vulnerability in the web application...