Vulnerabilities > Shopex > Ecshop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-15 | CVE-2024-1530 | SQL Injection vulnerability in Shopex Ecshop 4.1.8 A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. | 8.8 |
| 2023-09-29 | CVE-2023-5294 | SQL Injection vulnerability in Shopex Ecshop 4.1.1 A vulnerability has been found in ECshop 4.1.1 and classified as critical. | 8.8 |
| 2023-09-29 | CVE-2023-5293 | SQL Injection vulnerability in Shopex Ecshop 4.1.5 A vulnerability, which was classified as critical, was found in ECshop 4.1.5. | 6.5 |
| 2023-08-04 | CVE-2023-39112 | Improper Authentication vulnerability in Shopex Ecshop 4.1.16 ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. | 6.5 |
| 2023-03-06 | CVE-2023-1184 | Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. | 8.8 |
| 2023-03-06 | CVE-2023-1185 | Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. | 8.8 |
| 2023-02-11 | CVE-2023-0783 | Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop 4.1.5 A vulnerability was found in EcShop 4.1.5. | 9.8 |
| 2022-06-28 | CVE-2021-41460 | SQL Injection vulnerability in Shopex Ecshop 4.1.0 ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | 5.0 |
| 2021-12-02 | CVE-2021-43679 | SQL Injection vulnerability in Shopex Ecshop 2.7.3 ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. | 7.5 |
| 2021-06-28 | CVE-2020-20640 | Cross-site Scripting vulnerability in Shopex Ecshop 4.0 Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability. | 4.3 |