5 matches found
CVE-2023-1497
The CVE-2023-1497 entry affects SourceCodester Simple and Nice Shopping Cart Script 1.0, specifically the file uploaderm.php handling. Connected documentation confirms a vulnerability where manipulating the submit parameter allows unrestricted file uploads, enabling remote initiation. Multiple so...
CVE-2022-2957
CVE-2022-2957 affects SourceCodester Simple and Nice Shopping Cart Script. The vulnerability is an SQL injection in an unknown functionality of the file /mkshop/Men/profile.php triggered by manipulating the mem_id parameter. Documents indicate the attack could be launched remotely and that an exp...
CVE-2023-44061
The CVE-2023-44061 entry concerns the Simple and Nice Shopping Cart Script v1.0. A vulnerability in the upload function of the edit profile component enables a remote attacker to execute arbitrary code. This is described with a CVSS v3.1 base score of 8.8 (HIGH) with network attack vector, low at...
CVE-2022-2814
The CVE-2022-2814 entry relates to SourceCodester Simple and Nice Shopping Cart Script. Affected component: the /mkshope/login.php functionality where manipulating the msg argument leads to cross-site scripting. Documents consistently state the attack can be launched remotely and that the exploit...
CVE-2022-2909
CVE-2022-2909 affects SourceCodester Simple and Nice Shopping Cart Script, via unrestricted file upload in /mkshop/Men/profile.php. A remote attacker can upload arbitrary files, leading to high impact on confidentiality, integrity, and availability (per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A...