Published: 01/10/2019 Updated: 14/10/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Subscribe to Online Store System Project

Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.

Vulnerable Product	Search on Vulmon	Subscribe to Product
online store system project online store system 1.0

oss-sec mailing list archives   By Date By Thread </form>    Multiple vulnerabilities in Online store system v10 Stored XSS and unauthenticated product deletions <!--X-Subject-Header-En ...

oss-sec mailing list archives   By Date By Thread </form>    Re: Arbitrary file upload vulnerability in upload-image-with-ajax v10   ...

CWE-306 http://www.vapidlabs.com/advisory.php?v=210 https://www.abcprintf.com/view_download.php?id=17 http://www.openwall.com/lists/oss-security/2019/10/02/1 http://www.openwall.com/lists/oss-security/2019/12/23/1 http://www.openwall.com/lists/oss-security/2019/12/23/2 https://nvd.nist.gov http://seclists.org/oss-sec/2019/q4/2

CVE-2019-8292

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect