Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eshop vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2014-2016
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and previous versions, 4.7.x prior to 4.7.11, and 4.8.x prior to 4.8.4, and Enterprise Edition 4.6.8 and previous versions, 5.0.x prior to 5.0.11 and 5.1.x prior to 5.1.4 al...
Oxid-esales Eshop
1 EDB exploit
578
VMScore
CVE-2016-5072
OXID eShop prior to 2016-06-13 allows remote malicious users to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edi...
Oxidforge Oxid Eshop
1 Github repository
668
VMScore
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
Oxid-esales Eshop 4.10.6
383
VMScore
CVE-2016-0765
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
Elfden Eshop Plugin 6.3.14
578
VMScore
CVE-2016-0769
Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark...
Elfden Eshop Plugin 6.3.14
383
VMScore
CVE-2006-3156
Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the subid parameter.
Thinkfactory Ultimate Eshop 1.0
NA
CVE-2022-35493
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote malicious users to inject arbitrary web script or HTML via the get_products?search parameter.
Wrteam Eshop - Ecommerce \\/ Store Website
1 Github repository
312
VMScore
CVE-2021-28901
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and previous versions, which allows remote malicious users to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/produc...
Sitasoftware Azurcms
755
VMScore
CVE-2006-3315
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the osCsid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
755
VMScore
CVE-2006-3314
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the pageid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »