Vulnerabilities > Peel > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-06-15 | CVE-2021-41672 | SQL Injection vulnerability in Peel Shopping 9.4.0 | PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. | 5.5 |
2021-07-30 | CVE-2021-37593 | SQL Injection vulnerability in Peel Shopping 9.4.0 | PEEL Shopping version 9.4.0 allows remote SQL injection. | 6.4 |
2020-01-09 | CVE-2019-20178 | Cross-Site Request Forgery (CSRF) vulnerability in Peel Shopping 9.2.1 | Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. | 6.5 |
2019-06-30 | CVE-2018-20848 | Cross-Site Request Forgery (CSRF) vulnerability in Peel Shopping 9.0.0 | Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | 6.8 |
2012-10-01 | CVE-2012-5226 | Cross-Site Scripting vulnerability in Peel Shopping 2.8/2.9 | Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php. | 4.3 |
2008-03-25 | CVE-2008-1506 | Information Exposure vulnerability in Peel 1.0B/2.6/2.7 | PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | 5.0 |
2008-03-25 | CVE-2008-1495 | Improper Input Validation vulnerability in Peel 1.0B/2.6/2.7 | Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf. | 6.5 |
2002-12-31 | CVE-2002-2134 | Remote File Include vulnerability in Peel 1.0B | haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file. | 5.0 |