Peel

Peel Shopping

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2021-47897

Exploit
  • EPSS 0.05%
  • Veröffentlicht 23.01.2026 16:47:40
  • Zuletzt bearbeitet 26.01.2026 15:03:33

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentia...

7.2

CVE-2021-47892

Exploit
  • EPSS 0.05%
  • Veröffentlicht 23.01.2026 16:47:37
  • Zuletzt bearbeitet 26.01.2026 15:03:33

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potenti...

6.5

CVE-2021-41672

Exploit
  • EPSS 0.68%
  • Veröffentlicht 15.06.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:26:36

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive informatio...

9.1

CVE-2021-37593

Exploit
  • EPSS 0.7%
  • Veröffentlicht 30.07.2021 14:15:18
  • Zuletzt bearbeitet 21.11.2024 06:15:29

PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read ...

5.4

CVE-2021-27190

Exploit
  • EPSS 3.86%
  • Veröffentlicht 12.02.2021 03:15:12
  • Zuletzt bearbeitet 21.11.2024 05:57:31

A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an att...

6.5

CVE-2019-20178

  • EPSS 0.16%
  • Veröffentlicht 09.01.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:38:10

Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user.

8.8

CVE-2018-20848

Exploit
  • EPSS 0.14%
  • Veröffentlicht 30.06.2019 19:15:09
  • Zuletzt bearbeitet 21.11.2024 04:02:18

Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.

4.8

CVE-2018-1000887

Exploit
  • EPSS 0.37%
  • Veröffentlicht 28.12.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 03:40:35

Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious ...

4.3

CVE-2012-5226

Exploit
  • EPSS 0.33%
  • Veröffentlicht 01.10.2012 20:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.

7.5

CVE-2012-5227

Exploit
  • EPSS 0.18%
  • Veröffentlicht 01.10.2012 20:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.