VYPR

sparkshop

by sparkshop

CVEs (6)

  • CVE-2024-6730MedJul 14, 2024
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be…

  • CVE-2025-50722Aug 25, 2025
    risk 0.00cvss epss 0.01

    Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component

  • CVE-2024-57685Feb 24, 2025
    risk 0.00cvss epss 0.00

    An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.

  • CVE-2024-48107Oct 28, 2024
    risk 0.00cvss epss 0.00

    SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.

  • CVE-2024-46307Oct 9, 2024
    risk 0.00cvss epss 0.01

    A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.

  • CVE-2024-40425Jul 16, 2024
    risk 0.00cvss epss 0.01

    File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.