Vulnerabilities > Peel

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-15	CVE-2021-41672	SQL Injection vulnerability in Peel Shopping 9.4.0 PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. network low complexity peel CWE-89	5.5
2021-07-30	CVE-2021-37593	SQL Injection vulnerability in Peel Shopping 9.4.0 PEEL Shopping version 9.4.0 allows remote SQL injection. network low complexity peel CWE-89	6.4
2021-02-12	CVE-2021-27190	Cross-site Scripting vulnerability in Peel Shopping 9.3.0/9.4.0 A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. network peel CWE-79	3.5
2020-01-09	CVE-2019-20178	Cross-Site Request Forgery (CSRF) vulnerability in Peel Shopping 9.2.1 Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. network low complexity peel CWE-352	6.5
2019-06-30	CVE-2018-20848	Cross-Site Request Forgery (CSRF) vulnerability in Peel Shopping 9.0.0 Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. network peel CWE-352	6.8
2018-12-28	CVE-2018-1000887	Cross-site Scripting vulnerability in Peel Shopping 9.1.0 Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. network peel CWE-79	3.5
2012-10-01	CVE-2012-5227	SQL Injection vulnerability in Peel Shopping 2.8/2.9 SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. network low complexity peel CWE-89	7.5
2012-10-01	CVE-2012-5226	Cross-Site Scripting vulnerability in Peel Shopping 2.8/2.9 Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php. network peel CWE-79	4.3
2009-08-03	CVE-2008-6892	SQL Injection vulnerability in Peel 3.1 SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. network low complexity peel CWE-89	7.5
2008-03-25	CVE-2008-1507	Configuration vulnerability in Peel 1.0B/2.6/2.7 PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access. network low complexity peel CWE-16	7.5

Vulnerabilities > Peel {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Peel"}]}

Vulnerabilities > Peel