Vulmon
a-shop vulnerabilities and exploits
7.5
CVSSv2
CVE-2007-3937
Multiple SQL injection vulnerabilities in A-shop 0.70 and previous versions allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
A-shop A-shop
1 EDB exploit
6.4
CVSSv2
CVE-2007-3936
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and previous versions, and possibly 0.71, allows remote malicious users to delete arbitrary files via unspecified filename references in the delfiles parameter.
A-shop A-shop
1 EDB exploit
6.8
CVSSv2
CVE-2008-0681
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
Phpshop Phpshop 0.8.1
2 EDB exploits
6.8
CVSSv2
CVE-2009-4572
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote malicious users to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI.
Phpshop Phpshop 0.8.1
5.5
CVSSv2
CVE-2018-20714
The logging system of the Automattic WooCommerce plugin prior to 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate priv...
Woocommerce Woocommerce
7.5
CVSSv2
CVE-2009-4571
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote malicious users to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id para...
Phpshop Phpshop 0.8.1
2 EDB exploits
4
CVSSv2
CVE-2020-12101
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.
Xt-commerce Xt-commerce
4
CVSSv2
CVE-2020-15245
In Sylius prior to 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Not...
Sylius Sylius