Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eshop vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-13026
OXID eShop 6.0.x prior to 6.0.5 and 6.1.x prior to 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Oxid-esales Eshop
4.3
CVSSv2
CVE-2014-2016
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and previous versions, 4.7.x prior to 4.7.11, and 4.8.x prior to 4.8.4, and Enterprise Edition 4.6.8 and previous versions, 5.0.x prior to 5.0.11 and 5.1.x prior to 5.1.4 al...
Oxid-esales Eshop
1 EDB exploit
7.5
CVSSv2
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
Oxid-esales Eshop 4.10.6
4.3
CVSSv2
CVE-2006-3156
Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the subid parameter.
Thinkfactory Ultimate Eshop 1.0
4.3
CVSSv2
CVE-2016-0765
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
Elfden Eshop Plugin 6.3.14
6.5
CVSSv2
CVE-2016-0769
Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark...
Elfden Eshop Plugin 6.3.14
NA
CVE-2022-35493
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote malicious users to inject arbitrary web script or HTML via the get_products?search parameter.
Wrteam Eshop - Ecommerce \\/ Store Website
1 Github repository
3.5
CVSSv2
CVE-2021-28901
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and previous versions, which allows remote malicious users to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/produc...
Sitasoftware Azurcms
7.5
CVSSv2
CVE-2006-3314
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the pageid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
7.5
CVSSv2
CVE-2006-3315
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the osCsid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »