Ecshop Security Vulnerabilities and Issues — Ecshop CVE List

Lucene search

ShopexEcshop

5 matches found

CVE•added 2021/06/28 6:15 p.m.•48 views

CVE-2020-20640

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.

6.1CVSS6AI score0.00168EPSS

CVE•added 2021/06/16 6:15 p.m.•45 views

CVE-2020-22205

SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.

9.8CVSS9.7AI score0.00508EPSS

CVE•added 2021/06/16 6:15 p.m.•45 views

CVE-2020-22206

SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php.

9.8CVSS9.7AI score0.00508EPSS

CVE•added 2021/06/16 6:15 p.m.•39 views

CVE-2020-22204

SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. .

9.8CVSS9.7AI score0.00508EPSS

CVE•added 2021/12/02 3:15 p.m.•29 views

CVE-2021-43679

ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.

9.8CVSS9.7AI score0.01107EPSS