Shopwind
by Shopwind
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30453 | Cri | 0.65 | 9.8 | 0.15 | May 11, 2022 | ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | ||
| CVE-2022-30452 | Hig | 0.47 | 7.2 | 0.01 | May 11, 2022 | ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php | ||
| CVE-2022-30059 | Med | 0.42 | 6.5 | 0.01 | May 11, 2022 | Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. | ||
| CVE-2022-43321 | Med | 0.40 | 6.1 | 0.00 | Nov 9, 2022 | Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | ||
| CVE-2024-1705 | Med | 0.36 | 5.6 | 0.01 | Feb 21, 2024 | A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be… | ||
| CVE-2022-30058 | Med | 0.35 | 5.3 | 0.01 | May 11, 2022 | Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. | ||
| CVE-2022-30057 | Med | 0.35 | 5.4 | 0.00 | May 11, 2022 | Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. |
- risk 0.65cvss 9.8epss 0.15
ShopWind <= 3.4.2 has a RCE vulnerability in Database.php
- risk 0.47cvss 7.2epss 0.01
ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php
- risk 0.42cvss 6.5epss 0.01
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.
- risk 0.40cvss 6.1epss 0.00
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.
- risk 0.36cvss 5.6epss 0.01
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be…
- risk 0.35cvss 5.3epss 0.01
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.
- risk 0.35cvss 5.4epss 0.00
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.