CVE-2024-41432
- EPSS 0.1%
- Published 07.08.2024 16:15:46
- Last modified 08.08.2024 15:02:52
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to re...
CVE-2024-5766
- EPSS 0.1%
- Published 08.06.2024 12:15:10
- Last modified 21.11.2024 09:48:18
A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be ini...
CVE-2024-34949
- EPSS 0.17%
- Published 20.05.2024 18:15:10
- Last modified 15.08.2025 20:29:52
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
CVE-2024-24028
- EPSS 0.06%
- Published 21.03.2024 02:52:09
- Last modified 17.06.2025 13:02:50
Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.
CVE-2024-24027
- EPSS 0.13%
- Published 27.02.2024 21:15:47
- Last modified 17.06.2025 13:47:56
SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the function DistributionMemberLogic::getFansLists.
CVE-2024-0352
- EPSS 91.89%
- Published 09.01.2024 23:15:10
- Last modified 21.11.2024 08:46:22
A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. Th...