Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smartstore smartstorenet vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2020-36364
An issue exists in Smartstore (aka SmartStoreNET) prior to 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
Smartstore Smartstorenet
516
VMScore
CVE-2020-36365
Smartstore (aka SmartStoreNET) prior to 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.
Smartstore Smartstorenet
578
VMScore
CVE-2020-27996
An issue exists in SmartStoreNET prior to 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.
Smartstore Smartstorenet
605
VMScore
CVE-2020-27997
An issue exists in SmartStoreNET prior to 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).
Smartstore Smartstorenet
668
VMScore
CVE-2021-32607
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message.
Smartstore Smartstore
668
VMScore
CVE-2021-32608
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
Smartstore Smartstore
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started