RSS   Vulnerabilities for 'CP'   RSS

2018-06-29
 
CVE-2018-13001

CWE-79
 

 
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter.

 


Copyright 2019, cxsecurity.com

 

Back to Top