Vulnerabilities > Phpshop

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2011-1069 Cross-site Scripting vulnerability in PHPshop 0.8.1
PHPShop through 0.8.1 has XSS.
network
phpshop CWE-79
4.3
2011-09-14 CVE-2010-4836 Cross-Site Scripting vulnerability in PHPshop
Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter.
network
phpshop CWE-79
4.3
2010-01-05 CVE-2009-4572 Cross-Site Request Forgery (CSRF) vulnerability in PHPshop 0.8.1
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI.
network
phpshop CWE-352
6.8
2010-01-05 CVE-2009-4571 SQL Injection vulnerability in PHPshop 0.8.1
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action.
network
low complexity
phpshop CWE-89
7.5
2010-01-05 CVE-2009-4570 Cross-Site Scripting vulnerability in PHPshop 0.8.1
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.
network
phpshop CWE-79
4.3
2008-02-12 CVE-2008-0681 SQL Injection vulnerability in PHPshop 0.8.1
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
network
phpshop CWE-89
6.8
2004-12-31 CVE-2004-2010 Remote PHP Script Execution vulnerability in PHPShop
PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.
network
low complexity
phpshop
7.5