VYPR

Likeshop

by Likeshop

CVEs (6)

  • CVE-2024-34949HigMay 20, 2024
    risk 0.53cvss 8.2epss 0.00

    SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.

  • CVE-2024-0352HigJan 9, 2024
    risk 0.53cvss 7.3epss 0.71

    A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the…

  • CVE-2024-24027HigFeb 27, 2024
    risk 0.47cvss 7.2epss 0.01

    SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function DistributionMemberLogic::getFansLists.

  • CVE-2024-24028MedMar 21, 2024
    risk 0.38cvss 5.9epss 0.00

    Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.

  • CVE-2024-41432MedAug 7, 2024
    risk 0.34cvss 5.3epss 0.00

    An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP…

  • CVE-2024-5766LowJun 8, 2024
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The…