Vulnerabilities (CVE)

Filtered by vendor Shopwind Subscribe
Filtered by product Shopwind
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43321 1 Shopwind 1 Shopwind 2024-02-28 N/A 6.1 MEDIUM
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.
CVE-2022-30452 1 Shopwind 1 Shopwind 2024-02-28 6.5 MEDIUM 7.2 HIGH
ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php
CVE-2022-30058 1 Shopwind 1 Shopwind 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-30059 1 Shopwind 1 Shopwind 2024-02-28 5.5 MEDIUM 6.5 MEDIUM
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-30453 1 Shopwind 1 Shopwind 2024-02-28 7.5 HIGH 9.8 CRITICAL
ShopWind <= 3.4.2 has a RCE vulnerability in Database.php
CVE-2022-30057 1 Shopwind 1 Shopwind 2024-02-28 3.5 LOW 5.4 MEDIUM
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.