VYPR

Ecommerce Website

by Codeastro

CVEs (7)

  • CVE-2025-13793MedNov 30, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the…

  • CVE-2025-9237LowAug 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is…

  • CVE-2024-44652Nov 17, 2025
    risk 0.00cvss epss 0.00

    Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php.

  • CVE-2024-44653Nov 17, 2025
    risk 0.00cvss epss 0.00

    Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php.

  • CVE-2024-44651Nov 17, 2025
    risk 0.00cvss epss 0.00

    Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php.

  • CVE-2024-2351Mar 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The…

  • CVE-2022-45990Dec 5, 2022
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.