CVE-2024-1705
- EPSS 0.09%
- Veröffentlicht 21.02.2024 18:15:50
- Zuletzt bearbeitet 12.02.2025 00:54:22
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code i...
CVE-2022-43321
- EPSS 0.32%
- Veröffentlicht 09.11.2022 14:15:17
- Zuletzt bearbeitet 01.05.2025 16:15:25
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.
CVE-2022-30057
- EPSS 0.21%
- Veröffentlicht 11.05.2022 18:15:29
- Zuletzt bearbeitet 21.11.2024 07:02:08
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.
CVE-2022-30058
- EPSS 0.26%
- Veröffentlicht 11.05.2022 18:15:29
- Zuletzt bearbeitet 21.11.2024 07:02:08
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-30059
- EPSS 0.41%
- Veröffentlicht 11.05.2022 18:15:29
- Zuletzt bearbeitet 21.11.2024 07:02:08
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-30452
- EPSS 0.27%
- Veröffentlicht 11.05.2022 18:15:29
- Zuletzt bearbeitet 21.11.2024 07:02:46
ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php
CVE-2022-30453
- EPSS 0.6%
- Veröffentlicht 11.05.2022 18:15:29
- Zuletzt bearbeitet 21.11.2024 07:02:46
ShopWind <= 3.4.2 has a RCE vulnerability in Database.php