TradePro
by ITB-GmbH
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36645 | Cri | 0.59 | 9.1 | 0.01 | Apr 4, 2024 | SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function. | ||
| CVE-2023-36644 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2024 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin. | ||
| CVE-2023-36643 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2024 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function. |
- risk 0.59cvss 9.1epss 0.01
SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function.
- risk 0.49cvss 7.5epss 0.01
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.
- risk 0.49cvss 7.5epss 0.01
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function.