VYPR
Vendor

Phpshop

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2011-1069MedFeb 5, 2020
    risk 0.40cvss 6.1epss 0.01

    PHPShop through 0.8.1 has XSS.

  • CVE-2010-4836Sep 14, 2011
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter.

  • CVE-2009-4571Jan 5, 2010
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter…

  • CVE-2008-0681Feb 12, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.

  • CVE-2009-4572Jan 5, 2010
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI.

  • CVE-2009-4570Jan 5, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.

  • CVE-2004-2010Dec 31, 2004
    risk 0.00cvss epss 0.03

    PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.