Show filters
20 Total Results
Displaying 1-10 of 20
Sort by:
Attacker Value
Unknown

CVE-2022-42237

Disclosure Date: October 17, 2022 (last updated February 24, 2025)
A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-42238

Disclosure Date: October 11, 2022 (last updated February 24, 2025)
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-42236

Disclosure Date: October 11, 2022 (last updated February 24, 2025)
A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-30423

Disclosure Date: June 02, 2022 (last updated February 23, 2025)
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-30454

Disclosure Date: May 24, 2022 (last updated February 23, 2025)
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-30402

Disclosure Date: May 13, 2022 (last updated February 23, 2025)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-30401

Disclosure Date: May 13, 2022 (last updated February 23, 2025)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-30400

Disclosure Date: May 13, 2022 (last updated February 23, 2025)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-30399

Disclosure Date: May 13, 2022 (last updated February 23, 2025)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-30398

Disclosure Date: May 13, 2022 (last updated February 23, 2025)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
View More Topics  Next >