NotCVE - vendor:"Peel" product:"Peel"

15 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-41672

https://notcve.org/view.php?id=CVE-2021-41672

15 Jun 2022 — PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database. PEEL Shopping CMS versión 9.4.0, es vulnerable a una inyección SQL autenticada en el archivo utilisateurs.php. Un usuario que pertenezca al grupo de administradores puede inyectar una consulta SQL maliciosa para afectar a la lógica de ejecuc... • http://peel.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 4

CVE-2021-37593 – PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection

https://notcve.org/view.php?id=CVE-2021-37593

27 Jul 2021 — PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data. La versión 9.4.0 de PEEL Shopping permite una inyección SQL remota. Un usuario/huésped (no autenticado) puede inyectar una consulta SQL maliciosa para afectar la ejecución de comandos SQL predef... • https://www.exploit-db.com/exploits/50142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 3%CPEs: 2EXPL: 3

CVE-2021-27190

https://notcve.org/view.php?id=CVE-2021-27190

12 Feb 2021 — A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc. Se detectó una vulnerabilidad de Cross Site Scripting(XSS) almacenada en PEEL SHOPPING versiones 9.3.0 y 9.4.0, que están disponibles públicamente. La entr... • https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-20178

https://notcve.org/view.php?id=CVE-2019-20178

09 Jan 2020 — Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. Advisto PEEL Shopping versión 9.2.1, presenta una vulnerabilidad de tipo CSRF por medio del archivo administrer/utilisateurs.php para eliminar un usuario. • https://medium.com/%40Pablo0xSantiago/cve-2019-20178-peel-shopping-ecommerce-shopping-cart-9-2-1-cross-site-request-forgery-17fc49ab5a65 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-20848

https://notcve.org/view.php?id=CVE-2018-20848

30 Jun 2019 — Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. Advisto PEEL SHOPPING versión 9.0.0, presenta un problema de tipo CSRF por medio de los archivos en/achat/caddie_ajout.php y en/achat/caddie_affichage.php, como es demostrado por una carga útil XSS en el parámetro couleurId[0] para este último. • https://packetstormsecurity.com/files/147467/Peel-Shopping-Cart-9.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-1000887

https://notcve.org/view.php?id=CVE-2018-1000887

27 Dec 2018 — Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the administration account. Peel shopping peel-shopping, en su versión 9.1.0, contiene una vulnerabilidad Cross-Site Scripting (XSS) que puede resultar en que un usuario autenticado inyecte código JavaScript en el parámetro "Site Name EN". El ... • https://github.com/advisto/peel-shopping/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3

CVE-2012-5226 – Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections

https://notcve.org/view.php?id=CVE-2012-5226

01 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Peel SHOPPING v2.8 y v2.9, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) motclef a achat/recherche.php o (2) PATH_INFO a index.php. • https://www.exploit-db.com/exploits/18422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3

CVE-2012-5227 – Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections

https://notcve.org/view.php?id=CVE-2012-5227

01 Oct 2012 — SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en administrer/tva.php en Peel SHOPPING v2.8 y v2.9, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id. • https://www.exploit-db.com/exploits/18422 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2008-6892 – Peel Shopping 3.1 - 'rubid' SQL Injection

https://notcve.org/view.php?id=CVE-2008-6892

03 Aug 2009 — SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572. Vulnerabilidad de inyección SQL en lire/index.php en Peel v3.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "rubid". NOTA: podría tratarse de la misma vulnerabilidad que CVE-2005-3572. • https://www.exploit-db.com/exploits/7395 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 2

CVE-2008-1506 – PEEL CMS 3.x - Admin Hash Extraction / Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2008-1506

25 Mar 2008 — PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. PEEL, posiblemente 3.x y versiones anteriores, permite a atacantes remotos obtener información de configuración mediante una petición directa a phpinfo.php, que realiza una llamada a la función phpinfo. • https://www.exploit-db.com/exploits/5281 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1 2