a-shop vulnerabilities and exploits
NA
CVE-2007-3936
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and previous versions, and possibly 0.71, allows remote malicious users to delete arbitrary files via unspecified filename references in the delfiles parameter.
A-shop A-shop
1 EDB exploit
NA
CVE-2007-3937
Multiple SQL injection vulnerabilities in A-shop 0.70 and previous versions allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
A-shop A-shop
1 EDB exploit
NA
CVE-2008-0681
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
Phpshop Phpshop 0.8.1
2 EDB exploits
NA
CVE-2009-4572
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote malicious users to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI.
Phpshop Phpshop 0.8.1
8.1
CVSSv3
CVE-2018-20714
The logging system of the Automattic WooCommerce plugin prior to 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate priv...
Woocommerce Woocommerce
NA
CVE-2009-4571
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote malicious users to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id para...
Phpshop Phpshop 0.8.1
2 EDB exploits
4.3
CVSSv3
CVE-2020-12101
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address.
Xt-commerce Xt-commerce
4.3
CVSSv3
CVE-2020-15245
In Sylius prior to 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Not...
Sylius Sylius
5.5
CVSSv3
CVE-2020-13434
SQLite up to and including 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Sqlite Sqlite
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Freebsd Freebsd 12.0
Freebsd Freebsd 12.1
Freebsd Freebsd 11.4
Freebsd Freebsd
Oracle Outside In Technology 8.5.5
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Network Charging And Control
Oracle Communications Cloud Native Core Policy 1.14.0
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
Apple Icloud
Apple Itunes
2 Github repositories