Product:

Merchandise_online_store

(Merchandise_online_store_project)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 20
Date Id Summary Products Score Patch Annotated
2022-10-11 CVE-2022-42236 A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. Merchandise_online_store 5.4
2022-10-11 CVE-2022-42238 A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. Merchandise_online_store 8.8
2022-10-17 CVE-2022-42237 A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. Merchandise_online_store 9.8
2022-05-13 CVE-2022-30381 Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. Merchandise_online_store 6.5
2022-05-13 CVE-2022-30384 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. Merchandise_online_store 9.8
2022-05-13 CVE-2022-30385 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. Merchandise_online_store 9.8
2022-05-13 CVE-2022-30386 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. Merchandise_online_store 9.8
2022-05-13 CVE-2022-30387 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. Merchandise_online_store 9.8
2022-05-13 CVE-2022-30391 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. Merchandise_online_store 9.8
2022-05-13 CVE-2022-30392 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. Merchandise_online_store 9.8