Vulnerabilities > Shopex

DATE CVE VULNERABILITY TITLE RISK
2024-02-15 CVE-2024-1530 SQL Injection vulnerability in Shopex Ecshop 4.1.8
A vulnerability, which was classified as critical, has been found in ECshop 4.1.8.
network
low complexity
shopex CWE-89
8.8
8.8
2023-09-29 CVE-2023-5294 SQL Injection vulnerability in Shopex Ecshop 4.1.1
A vulnerability has been found in ECshop 4.1.1 and classified as critical.
network
low complexity
shopex CWE-89
8.8
8.8
2023-09-29 CVE-2023-5293 SQL Injection vulnerability in Shopex Ecshop 4.1.5
A vulnerability, which was classified as critical, was found in ECshop 4.1.5.
network
low complexity
shopex CWE-89
6.5
6.5
2023-08-04 CVE-2023-39112 Improper Authentication vulnerability in Shopex Ecshop 4.1.16
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.
network
low complexity
shopex CWE-287
6.5
6.5
2023-03-06 CVE-2023-1184 Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop
A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8.
network
low complexity
shopex CWE-434
8.8
8.8
2023-03-06 CVE-2023-1185 Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop
A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8.
network
low complexity
shopex CWE-434
8.8
8.8
2023-02-11 CVE-2023-0783 Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop 4.1.5
A vulnerability was found in EcShop 4.1.5.
network
low complexity
shopex CWE-434
critical
 9.8
9.8
2022-06-28 CVE-2021-41460 SQL Injection vulnerability in Shopex Ecshop 4.1.0
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
network
low complexity
shopex CWE-89
5.0
5.0
2021-12-02 CVE-2021-43679 SQL Injection vulnerability in Shopex Ecshop 2.7.3
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.
network
low complexity
shopex CWE-89
7.5
7.5
2021-06-28 CVE-2020-20640 Cross-site Scripting vulnerability in Shopex Ecshop 4.0
Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.
network
shopex CWE-79
4.3
4.3