Skip to main content

Online Store System

5 CVEs product

Monthly

CVE-2019-8292 MEDIUM POC This Month

Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Online Store System
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-8291 HIGH POC This Week

Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Online Store System
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-8290 MEDIUM POC This Month

Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Store System
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-8289 MEDIUM POC This Month

Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Store System
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-8288 MEDIUM POC This Month

Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Store System
NVD
CVSS 3.1
5.4
EPSS
0.8%
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Online Store System
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Online Store System
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Store System
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Store System
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Store System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy