Vulnerabilities > Merchandise Online Store Project > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2022-42237 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | 9.8 |
| 2022-06-02 | CVE-2022-30423 | Unrestricted Upload of File with Dangerous Type vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | 9.8 |
| 2022-05-24 | CVE-2022-30454 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | 9.8 |
| 2022-05-13 | CVE-2022-30384 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | 9.8 |
| 2022-05-13 | CVE-2022-30385 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | 9.8 |
| 2022-05-13 | CVE-2022-30386 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | 9.8 |
| 2022-05-13 | CVE-2022-30387 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | 9.8 |
| 2022-05-13 | CVE-2022-30391 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | 9.8 |
| 2022-05-13 | CVE-2022-30392 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | 9.8 |
| 2022-05-13 | CVE-2022-30395 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. | 9.8 |