Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ecshop
(Shopex)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-16 | CVE-2020-22204 | SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. . | Ecshop | 9.8 | ||
| 2021-06-16 | CVE-2020-22205 | SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. | Ecshop | 9.8 | ||
| 2021-06-16 | CVE-2020-22206 | SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. | Ecshop | 9.8 | ||
| 2021-06-28 | CVE-2020-20640 | Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability. | Ecshop | 6.1 |