Skip to main content

Shopwind

7 CVEs product

Monthly

CVE-2024-1705 HIGH This Week

A vulnerability was found in Shopwind up to 4.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection PHP RCE Shopwind
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-43321 MEDIUM POC This Month

Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Shopwind
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-30453 CRITICAL POC THREAT Act Now

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Shopwind
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2022-30452 HIGH POC This Week

ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopwind
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30059 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-30058 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-30057 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shopwind
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability was found in Shopwind up to 4.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection PHP RCE +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Shopwind
NVD GitHub VulDB
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Act Now

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Shopwind
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopwind
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shopwind
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy