Vulnerabilities > Peel > Peel Shopping

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2021-41672 SQL Injection vulnerability in Peel Shopping 9.4.0
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php.
network
low complexity
peel CWE-89
5.5
2021-07-30 CVE-2021-37593 SQL Injection vulnerability in Peel Shopping 9.4.0
PEEL Shopping version 9.4.0 allows remote SQL injection.
network
low complexity
peel CWE-89
6.4
2021-02-12 CVE-2021-27190 Cross-site Scripting vulnerability in Peel Shopping 9.3.0/9.4.0
A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available.
network
peel CWE-79
3.5
2020-01-09 CVE-2019-20178 Cross-Site Request Forgery (CSRF) vulnerability in Peel Shopping 9.2.1
Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user.
network
low complexity
peel CWE-352
6.5
2019-06-30 CVE-2018-20848 Cross-Site Request Forgery (CSRF) vulnerability in Peel Shopping 9.0.0
Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
network
peel CWE-352
6.8
2018-12-28 CVE-2018-1000887 Cross-site Scripting vulnerability in Peel Shopping 9.1.0
Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter.
network
peel CWE-79
3.5
2012-10-01 CVE-2012-5227 SQL Injection vulnerability in Peel Shopping 2.8/2.9
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
peel CWE-89
7.5
2012-10-01 CVE-2012-5226 Cross-Site Scripting vulnerability in Peel Shopping 2.8/2.9
Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.
network
peel CWE-79
4.3