Shopex Ecshop

15 CVEs affecting Shopex Ecshop. Latest disclosed: 2024-05-22. Critical: 4, High: 1.

Top CVEs affecting Shopex Ecshop
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43679 | Critical | 9.8 | 2021-12-02 | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. |
| CVE-2020-22206 | Critical | 9.8 | 2021-06-16 | SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. |
| CVE-2020-22205 | Critical | 9.8 | 2021-06-16 | SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. |
| CVE-2020-22204 | Critical | 9.8 | 2021-06-16 | SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. |
| CVE-2021-41460 | High | 7.5 | 2022-06-28 | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. |
| CVE-2023-39112 | Medium | 6.5 | 2023-08-04 | ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. |
| CVE-2024-1530 | Medium | 6.3 | 2024-02-15 | A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view… |
| CVE-2020-20640 | Medium | 6.1 | 2021-06-28 | Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass th… |
| CVE-2024-35362 | Medium | 5.4 | 2024-05-22 | Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php. |
| CVE-2023-5294 | Medium | 4.7 | 2023-09-29 | A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order… |
| CVE-2023-5293 | Medium | 4.7 | 2023-09-29 | A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulatio… |
| CVE-2023-1185 | Medium | 4.7 | 2023-03-06 | A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The m… |
| CVE-2023-1184 | Medium | 4.7 | 2023-03-06 | A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file ad… |
| CVE-2023-0783 | Medium | 4.7 | 2023-02-11 | A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the compo… |
| CVE-2010-2042 | | | 2010-05-25 | SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of th… |