CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Oct 2022 — A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. • https://github.com/draco1725/sqlinj/blob/main/poc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Oct 2022 — A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. • https://github.com/draco1725/localpriv/blob/main/poc • CWE-425: Direct Request ('Forced Browsing')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — A Stored XSS issue in Merchandise Online Store v.1.0 allows injection of arbitrary JavaScript in the edit account form. • https://github.com/draco1725/vloggers/blob/main/poc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 May 2022 — Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. • https://github.com/ffYYy6x0y1/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 May 2022 — Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. • https://github.com/mikeccltt/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/SQL-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 May 2022 — Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/delet-file-1.md

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 May 2022 — Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 May 2022 — Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 May 2022 — Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/SQLi-4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2022 — Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/SQLi-3.md. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')