Shodan
Vulnerabilities
Vulnerable Software
Online Pet Shop We App Project:  >> Online Pet Shop We App  Security Vulnerabilities
CVE-2023-1042
A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-02-26
CVE-2022-39977
Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-10-27
CVE-2022-39978
Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-10-27
CVE-2022-41407
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-12
CVE-2022-41408
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-12
CVE-2022-41377
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-07
CVE-2022-41378
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-07
CVE-2021-35458
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved