Vulnerabilities > Merchandise Online Store Project > Merchandise Online Store > High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-11	CVE-2022-42238	Forced Browsing vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. network low complexity merchandise-online-store-project CWE-425	8.8
2022-06-02	CVE-2022-30423	Unrestricted Upload of File with Dangerous Type vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. network low complexity merchandise-online-store-project CWE-434	7.5
2022-05-24	CVE-2022-30454	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. network low complexity merchandise-online-store-project CWE-89	7.5
2022-05-13	CVE-2022-30384	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. network low complexity merchandise-online-store-project CWE-89	7.5
2022-05-13	CVE-2022-30385	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. network low complexity merchandise-online-store-project CWE-89	7.5
2022-05-13	CVE-2022-30386	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. network low complexity merchandise-online-store-project CWE-89	7.5
2022-05-13	CVE-2022-30387	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. network low complexity merchandise-online-store-project CWE-89	7.5
2022-05-13	CVE-2022-30391	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. network low complexity merchandise-online-store-project CWE-89	7.5
2022-05-13	CVE-2022-30392	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. network low complexity merchandise-online-store-project CWE-89	7.5
2022-05-13	CVE-2022-30395	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. network low complexity merchandise-online-store-project CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.