Vulnerabilities > Merchandise Online Store Project > High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-11	CVE-2022-42238	Forced Browsing vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. network low complexity merchandise-online-store-project CWE-425	8.8
2022-05-13	CVE-2022-30393	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. network low complexity merchandise-online-store-project CWE-89	7.2
2022-05-13	CVE-2022-30396	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. network low complexity merchandise-online-store-project CWE-89	7.2
2022-05-13	CVE-2022-30398	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. network low complexity merchandise-online-store-project CWE-89	7.2
2022-05-13	CVE-2022-30399	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. network low complexity merchandise-online-store-project CWE-89	7.2
2022-05-13	CVE-2022-30400	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. network low complexity merchandise-online-store-project CWE-89	7.2
2022-05-13	CVE-2022-30401	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. network low complexity merchandise-online-store-project CWE-89	7.2
2022-05-13	CVE-2022-30402	SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. network low complexity merchandise-online-store-project CWE-89	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.