Ecommerce-website Project

Ecommerce-website

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-45990

Exploit
  • EPSS 0.34%
  • Veröffentlicht 05.12.2022 23:15:09
  • Zuletzt bearbeitet 24.04.2025 14:15:44

A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.

8.8

CVE-2022-27346

Exploit
  • EPSS 2.94%
  • Veröffentlicht 08.04.2022 09:15:11
  • Zuletzt bearbeitet 21.11.2024 06:55:36

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

9.8

CVE-2022-27357

Exploit
  • EPSS 3.39%
  • Veröffentlicht 08.04.2022 09:15:11
  • Zuletzt bearbeitet 21.11.2024 06:55:37

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

8.8

CVE-2022-27435

Exploit
  • EPSS 0.58%
  • Veröffentlicht 04.04.2022 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:55:43

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.

4.8

CVE-2022-27436

Exploit
  • EPSS 0.48%
  • Veröffentlicht 04.04.2022 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:55:44

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field.