VYPR
Vendor

Shopwind

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2022-30453CriMay 11, 2022
    risk 0.65cvss 9.8epss 0.15

    ShopWind <= 3.4.2 has a RCE vulnerability in Database.php

  • CVE-2022-30452HigMay 11, 2022
    risk 0.47cvss 7.2epss 0.01

    ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php

  • CVE-2022-30059MedMay 11, 2022
    risk 0.42cvss 6.5epss 0.01

    Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.

  • CVE-2022-43321MedNov 9, 2022
    risk 0.40cvss 6.1epss 0.00

    Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.

  • CVE-2024-1705MedFeb 21, 2024
    risk 0.36cvss 5.6epss 0.01

    A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be…

  • CVE-2022-30058MedMay 11, 2022
    risk 0.35cvss 5.3epss 0.01

    Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.

  • CVE-2022-30057MedMay 11, 2022
    risk 0.35cvss 5.4epss 0.00

    Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.