Vulnerabilities > Shopex > Ecshop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-5293 | SQL Injection vulnerability in Shopex Ecshop 4.1.5 A vulnerability, which was classified as critical, was found in ECshop 4.1.5. | 6.5 |
| 2023-08-04 | CVE-2023-39112 | Improper Authentication vulnerability in Shopex Ecshop 4.1.16 ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. | 6.5 |
| 2022-06-28 | CVE-2021-41460 | SQL Injection vulnerability in Shopex Ecshop 4.1.0 ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | 5.0 |
| 2021-06-28 | CVE-2020-20640 | Cross-site Scripting vulnerability in Shopex Ecshop 4.0 Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability. | 4.3 |