Vulmon
e-commerce vulnerabilities and exploits
NA
CVE-2007-1423
Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
Work System E-commerce Work System E-commerce 3.0.4
Work System E-commerce Work System E-commerce 3.0.41
Work System E-commerce Work System E-commerce 3.0.5
Work System E-commerce Work System E-commerce 3.0.3
1 EDB exploit
6.1
CVSSv3
CVE-2019-0298
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, ...
Sap E-commerce 7.30
Sap E-commerce 7.31
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
6.8
CVSSv3
CVE-2019-0308
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to t...
Sap E-commerce 7.30
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
Sap E-commerce 7.31
NA
CVE-2004-2084
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote malicious users to inject arbitrary web script or HTML via the xSearch parameter.
Jshop E-commerce Jshop Server 1.0.1
Jshop E-commerce Jshop Server 1.0.2
Jshop E-commerce Jshop Server 1.0.3
Jshop E-commerce Jshop Server 1.0.4
Jshop E-commerce Jshop Professional 3.3
Jshop E-commerce Jshop Professional 3.4
Jshop E-commerce Jshop Professional 3.0
Jshop E-commerce Jshop Professional 3.1
Jshop E-commerce Jshop Professional 3.2
Jshop E-commerce Jshop Server 1.1.0
Jshop E-commerce Jshop Server 1.2.0
NA
CVE-2007-5801
Unspecified vulnerability in WORK system e-commerce prior to 4.0.2 has unknown impact and attack vectors related to "Ajax pages."
Work System E-commerce Work System E-commerce
NA
CVE-2007-6292
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Mwopen E-commerce 0
Mwopen E-commerce 1.4
1 EDB exploit
5.4
CVSSv3
CVE-2021-25204
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote malicious users to inject arbitrary web script or HTML via the subject field to feedback_process.php.
E-commerce Website Project E-commerce Website 1.0
9.8
CVSSv3
CVE-2021-25205
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote malicious users to execute arbitrary SQL statements via the update parameter to empViewUpdate.php.
E-commerce Website Project E-commerce Website 1.0
9.8
CVSSv3
CVE-2021-25207
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows malicious users to execute arbitrary code via the file upload to prodViewUpdate.php.
E-commerce Website Project E-commerce Website 1.0
5.4
CVSSv3
CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
E-commerce Website Project E-commerce Website 1.0