Vulnerabilities > Merchandise Online Store Project

DATE CVE VULNERABILITY TITLE RISK
2022-10-17 CVE-2022-42237 SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.
network
low complexity
merchandise-online-store-project CWE-89
critical
9.8
2022-10-11 CVE-2022-42236 Cross-site Scripting vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.
network
low complexity
merchandise-online-store-project CWE-79
5.4
2022-10-11 CVE-2022-42238 Forced Browsing vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
network
low complexity
merchandise-online-store-project CWE-425
8.8
2022-06-02 CVE-2022-30423 Unrestricted Upload of File with Dangerous Type vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.
network
low complexity
merchandise-online-store-project CWE-434
7.5
2022-05-24 CVE-2022-30454 SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
network
low complexity
merchandise-online-store-project CWE-89
7.5
2022-05-13 CVE-2022-30381 Unspecified vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img.
network
low complexity
merchandise-online-store-project
5.5
2022-05-13 CVE-2022-30384 SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory.
network
low complexity
merchandise-online-store-project CWE-89
7.5
2022-05-13 CVE-2022-30385 SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order.
network
low complexity
merchandise-online-store-project CWE-89
7.5
2022-05-13 CVE-2022-30386 SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.
network
low complexity
merchandise-online-store-project CWE-89
7.5
2022-05-13 CVE-2022-30387 SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
network
low complexity
merchandise-online-store-project CWE-89
7.5