Merchandise Online Store Security Vulnerabilities - November
Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img.
6.5CVSS
6.4AI Score
0.001EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory.
9.8CVSS
9.8AI Score
0.002EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order.
9.8CVSS
9.8AI Score
0.002EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.
9.8CVSS
9.8AI Score
0.002EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
9.8CVSS
9.8AI Score
0.002EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category.
9.8CVSS
9.8AI Score
0.002EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.
9.8CVSS
9.8AI Score
0.002EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=.
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart.
9.8CVSS
9.8AI Score
0.002EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=.
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=.
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=.
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=.
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=.
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=.
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.
9.8CVSS
9.7AI Score
0.003EPSS
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
9.8CVSS
9.8AI Score
0.002EPSS
A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.
5.4CVSS
5.3AI Score
0.001EPSS
A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.
9.8CVSS
9.7AI Score
0.002EPSS
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
8.8CVSS
8.5AI Score
0.001EPSS