cosmoshop cosmoshop vulnerabilities and exploits
NA
CVE-2006-2474
SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and previous versions allows remote malicious users to execute arbitrary SQL commands via the artnum parameter.
Cosmoshop Cosmoshop 8.10.78
Cosmoshop Cosmoshop
1 EDB exploit
NA
CVE-2006-2475
Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and previous versions allows remote administrators to read arbitrary files via ".." sequences in the file parameter.
Cosmoshop Cosmoshop
Cosmoshop Cosmoshop 8.10.78
NA
CVE-2015-2103
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote malicious users to inject arbitrary web script or HTML via the username field (u_name parameter).
Cosmoshop Cosmoshop
NA
CVE-2005-2784
SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote malicious users to execute arbitrary SQL commands and bypass authentication via unspecified vectors.
Cosmoshop Cosmoshop 8.10.78
NA
CVE-2005-2785
cosmoshop 8.10.78 and previous versions store passwords in plaintext in the database, which allows local users to obtain sensitive information.
Cosmoshop Cosmoshop 8.10.78
NA
CVE-2005-2786
Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and previous versions allows remote administrators to read arbitrary files via ".." sequences in the file parameter.
Cosmoshop Cosmoshop 8.10.78
NA
CVE-2011-5306
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote malicious users to hijack the authentication of administrators for requests that modify settings via a setup action.
Zaunz Gmbh Cosmoshop 10.05.00
NA
CVE-2011-5305
Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote malicious users to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suc...
Zaunz Gmbh Cosmoshop 10.05.00