RSS   Vulnerabilities for 'Multistore'   RSS

2022-01-28
 
CVE-2021-46444

CWE-89
 
 
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.

 
 
CVE-2021-46445

CWE-89
 
 
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id.

 
 
CVE-2021-46446

CWE-89
 
 
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID.

 
 
CVE-2021-46447

CWE-79
 
 
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module.

 
 
CVE-2021-46448

CWE-89
 
 
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID.

 

Copyright 2024, cxsecurity.com

 

Back to Top