Online Store System CMS
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25203 | Hig | 0.53 | 8.2 | 0.00 | Mar 26, 2026 | Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using… | ||
| CVE-2019-8290 | Med | 0.40 | 6.1 | 0.01 | Oct 1, 2019 | Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected. | ||
| CVE-2022-37796 | Med | 0.35 | 5.4 | 0.00 | Sep 12, 2022 | In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). | ||
| CVE-2019-8289 | Med | 0.35 | 5.4 | 0.01 | Oct 1, 2019 | Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable | ||
| CVE-2019-8288 | Med | 0.35 | 5.4 | 0.01 | Oct 1, 2019 | Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. |
- risk 0.53cvss 8.2epss 0.00
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using…
- risk 0.40cvss 6.1epss 0.01
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.
- risk 0.35cvss 5.4epss 0.00
In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS).
- risk 0.35cvss 5.4epss 0.01
Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable
- risk 0.35cvss 5.4epss 0.01
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.