RSS   Vulnerabilities for 'Peel shopping'   RSS

2022-06-15
 
CVE-2021-41672

CWE-89
 

 
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database.

 
2021-02-12
 
CVE-2021-27190

CWE-79
 

 
A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 which is publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.

 
2012-10-01
 
CVE-2012-5227

CWE-89
 

 
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.

 
 
CVE-2012-5226

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.

 

 >>> Vendor: PEEL 2 Products
PEEL
Peel shopping


Copyright 2022, cxsecurity.com

 

Back to Top