Sparkshop: >> Sparkshop >> 1.1.5 Security Vulnerabilities
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-02-24
SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-28
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-10-09
File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.
CVSS Score
9.8
EPSS Score
0.021
Published
2024-07-16