Shopex Ecshop
15 CVEs affecting Shopex Ecshop. Latest disclosed: 2024-05-22. Critical: 4, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-43679 | Critical | 9.8 | 2021-12-02 | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. |
CVE-2020-22206 | Critical | 9.8 | 2021-06-16 | SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. |
CVE-2020-22205 | Critical | 9.8 | 2021-06-16 | SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. |
CVE-2020-22204 | Critical | 9.8 | 2021-06-16 | SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. . |
CVE-2021-41460 | High | 7.5 | 2022-06-28 | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. |
CVE-2023-39112 | Medium | 6.5 | 2023-08-04 | ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. |
CVE-2024-1530 | Medium | 6.3 | 2024-02-15 | A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view… |
CVE-2020-20640 | Medium | 6.1 | 2021-06-28 | Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass th… |
CVE-2024-35362 | Medium | 5.4 | 2024-05-22 | Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php. |
CVE-2023-5294 | Medium | 4.7 | 2023-09-29 | A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order… |
CVE-2023-5293 | Medium | 4.7 | 2023-09-29 | A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulatio… |
CVE-2023-1185 | Medium | 4.7 | 2023-03-06 | A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The m… |
CVE-2023-1184 | Medium | 4.7 | 2023-03-06 | A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file ad… |
CVE-2023-0783 | Medium | 4.7 | 2023-02-11 | A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the compo… |
CVE-2010-2042 | | 2010-05-25 | SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of th… |