Skip to main content

Merchandise Online Store

21 CVEs product

Monthly

CVE-2022-42237 CRITICAL POC Act Now

A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42238 HIGH POC This Week

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Merchandise Online Store
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42236 MEDIUM POC This Month

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Merchandise Online Store
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30423 CRITICAL POC Act Now

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30454 CRITICAL POC Act Now

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30403 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30402 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30401 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30400 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30399 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30398 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30396 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30395 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30393 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30392 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30391 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30387 CRITICAL Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30386 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30385 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30384 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30381 MEDIUM POC This Month

Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Merchandise Online Store
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Merchandise Online Store
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Merchandise Online Store
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Merchandise Online Store
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy