ecommerce-website_project CVE Vulnerabilities & CVE List (5)

Products (CPE): — CVEs: 5

ecommerce-website_project vulnerability overview

Aggregates CVE and security vulnerability intelligence across all ecommerce-website_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface production workloads and vendor surface software deployment use cases.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2022-45990	A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.	[email protected]	6.1	0.36%	2022-12-05	2025-04-24
CVE-2022-27357	Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.	[email protected]	9.8	3.39%	2022-04-08	2024-11-21
CVE-2022-27346	Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.	[email protected]	8.8	2.94%	2022-04-08	2024-11-21
CVE-2022-27436	A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field.	[email protected]	4.8	0.46%	2022-04-04	2024-11-21
CVE-2022-27435	An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.	[email protected]	8.8	0.57%	2022-04-04	2024-11-21

cvelogic Threat Intelligence