Vulnerabilities > Phpshop > Phpshop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2011-1069 | Cross-site Scripting vulnerability in PHPshop 0.8.1 PHPShop through 0.8.1 has XSS. | 4.3 |
| 2011-09-14 | CVE-2010-4836 | Cross-Site Scripting vulnerability in PHPshop Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter. | 4.3 |
| 2010-01-05 | CVE-2009-4572 | Cross-Site Request Forgery (CSRF) vulnerability in PHPshop 0.8.1 Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI. | 6.8 |
| 2010-01-05 | CVE-2009-4571 | SQL Injection vulnerability in PHPshop 0.8.1 Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. | 7.5 |
| 2010-01-05 | CVE-2009-4570 | Cross-Site Scripting vulnerability in PHPshop 0.8.1 Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI. | 4.3 |
| 2008-02-12 | CVE-2008-0681 | SQL Injection vulnerability in PHPshop 0.8.1 SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. | 6.8 |
| 2004-12-31 | CVE-2004-2010 | Remote PHP Script Execution vulnerability in PHPShop PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg. | 7.5 |