Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
online store system project online store system 1.0 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-8288
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.
Online Store System Project Online Store System 1.0
5.4
CVSSv3
CVE-2019-8289
Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable
Online Store System Project Online Store System 1.0
6.1
CVSSv3
CVE-2019-8290
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.
Online Store System Project Online Store System 1.0
7.5
CVSSv3
CVE-2019-8291
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
Online Store System Project Online Store System 1.0
5.3
CVSSv3
CVE-2019-8292
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
Online Store System Project Online Store System 1.0
9.8
CVSSv3
CVE-2022-30423
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.
Merchandise Online Store Project Merchandise Online Store 1.0
7.2
CVSSv3
CVE-2022-30799
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.
Online Ordering System Project Online Ordering System 1.0
9.8
CVSSv3
CVE-2021-28294
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
Online Ordering System Project Online Ordering System 1.0
7
CVSSv3
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started