Vulnerabilities > Merchandise Online Store Project > Merchandise Online Store > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-17	CVE-2022-42237	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-06-02	CVE-2022-30423	Unrestricted Upload of File with Dangerous Type vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. network low complexity merchandise-online-store-project CWE-434 critical	9.8
2022-05-24	CVE-2022-30454	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-05-13	CVE-2022-30395	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-05-13	CVE-2022-30392	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-05-13	CVE-2022-30391	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-05-13	CVE-2022-30387	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-05-13	CVE-2022-30386	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-05-13	CVE-2022-30385	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. network low complexity merchandise-online-store-project CWE-89 critical	9.8
2022-05-13	CVE-2022-30384	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. network low complexity merchandise-online-store-project CWE-89 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.