Vulnerabilities > Merchandise Online Store Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2022-42237 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | 9.8 |
| 2022-10-11 | CVE-2022-42236 | Cross-site Scripting vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. | 5.4 |
| 2022-10-11 | CVE-2022-42238 | Forced Browsing vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | 8.8 |
| 2022-06-02 | CVE-2022-30423 | Unrestricted Upload of File with Dangerous Type vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | 9.8 |
| 2022-05-24 | CVE-2022-30454 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | 9.8 |
| 2022-05-13 | CVE-2022-30381 | Unspecified vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | 6.5 |
| 2022-05-13 | CVE-2022-30384 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | 9.8 |
| 2022-05-13 | CVE-2022-30385 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | 9.8 |
| 2022-05-13 | CVE-2022-30386 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | 9.8 |
| 2022-05-13 | CVE-2022-30387 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | 9.8 |