Ecommerce Website
by Codeastro
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13793 | Med | 0.28 | 4.3 | 0.00 | Nov 30, 2025 | A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the… | ||
| CVE-2025-9237 | Low | 0.23 | 3.5 | 0.00 | Aug 20, 2025 | A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is… | ||
| CVE-2024-44652 | 0.00 | — | 0.00 | Nov 17, 2025 | Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php. | |||
| CVE-2024-44653 | 0.00 | — | 0.00 | Nov 17, 2025 | Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php. | |||
| CVE-2024-44651 | 0.00 | — | 0.00 | Nov 17, 2025 | Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php. | |||
| CVE-2024-2351 | 0.00 | — | 0.01 | Mar 9, 2024 | A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The… | |||
| CVE-2022-45990 | 0.00 | — | 0.00 | Dec 5, 2022 | A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. |
- risk 0.28cvss 4.3epss 0.00
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is…
- CVE-2024-44652Nov 17, 2025risk 0.00cvss —epss 0.00
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php.
- CVE-2024-44653Nov 17, 2025risk 0.00cvss —epss 0.00
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php.
- CVE-2024-44651Nov 17, 2025risk 0.00cvss —epss 0.00
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php.
- CVE-2024-2351Mar 9, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The…
- CVE-2022-45990Dec 5, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.