Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eshop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-26260
OXID eShop 6.2.x prior to 6.4.4 and 6.5.x prior to 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.
Oxidforge Oxid Eshop
NA
CVE-2023-38330
OXID eShop Enterprise Edition 6.5.0 – 6.5.2 prior to 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.
Oxid-esales Eshop
383
VMScore
CVE-2016-0765
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
Elfden Eshop Plugin 6.3.14
668
VMScore
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
Oxid-esales Eshop 4.10.6
383
VMScore
CVE-2006-3156
Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the subid parameter.
Thinkfactory Ultimate Eshop 1.0
578
VMScore
CVE-2016-0769
Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark...
Elfden Eshop Plugin 6.3.14
NA
CVE-2022-35493
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote malicious users to inject arbitrary web script or HTML via the get_products?search parameter.
Wrteam Eshop - Ecommerce \\/ Store Website
1 Github repository
312
VMScore
CVE-2021-28901
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and previous versions, which allows remote malicious users to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/produc...
Sitasoftware Azurcms
755
VMScore
CVE-2006-3314
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the pageid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
755
VMScore
CVE-2006-3315
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the osCsid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »