
15 vulnerabilities found for online_store_system by online_store_system_project

FKIE_CVE-2019-8288

Vulnerability from fkie_nvd - Published: 2019-10-01 20:15 - Updated: 2024-11-21 04:49
Summary
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:online_store_system_project:online_store_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38EA240-9349-402E-BF93-8ACF3AFF4D8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Online Store versi\u00f3n v1.0, un problema de tipo XSS almacenado en el archivo user_view.php donde la variable adidas_member_user no est\u00e1 saneada."
    }
  ],
  "id": "CVE-2019-8288",
  "lastModified": "2024-11-21T04:49:39.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-01T20:15:11.367",
  "references": [
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    }
  ],
  "sourceIdentifier": "larry0@me.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-8289

Vulnerability from fkie_nvd - Published: 2019-10-01 20:15 - Updated: 2024-11-21 04:49
Summary
Vulnerability in Online Store v1.0: stored XSS in admin/user_view.php via the adidas_member_email variable.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:online_store_system_project:online_store_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38EA240-9349-402E-BF93-8ACF3AFF4D8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Online Store versi\u00f3n v1.0, un problema de tipo XSS almacenado en la variable adidas_member_email en el archivo admin/user_view.php."
    }
  ],
  "id": "CVE-2019-8289",
  "lastModified": "2024-11-21T04:49:39.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-01T20:15:11.430",
  "references": [
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    }
  ],
  "sourceIdentifier": "larry0@me.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-8290

Vulnerability from fkie_nvd - Published: 2019-10-01 20:15 - Updated: 2024-11-21 04:49
Summary
Vulnerability in Online Store v1.0: the registration form's requirements for the member email format can be bypassed by posting directly to sent_register.php, allowing special characters to be included and an XSS payload to be injected.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:online_store_system_project:online_store_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38EA240-9349-402E-BF93-8ACF3AFF4D8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Online Store versi\u00f3n v1.0, los requerimientos del formulario de registro para el formato de correo electr\u00f3nico de un miembro pueden ser omitidos mediante la publicaci\u00f3n directamente en el archivo sent_register.php permitiendo que sean incluidos caracteres especiales y sea inyectada una carga \u00fatil XSS."
    }
  ],
  "id": "CVE-2019-8290",
  "lastModified": "2024-11-21T04:49:39.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-01T20:15:11.527",
  "references": [
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    }
  ],
  "sourceIdentifier": "larry0@me.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-8292

Vulnerability from fkie_nvd - Published: 2019-10-01 20:15 - Updated: 2024-11-21 04:49
Summary
Online Store System v1.0 delete_product.php doesn't check whether a user is authenticated or has administrative rights, allowing arbitrary product deletion.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:online_store_system_project:online_store_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38EA240-9349-402E-BF93-8ACF3AFF4D8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
    },
    {
      "lang": "es",
      "value": "El archivo delete_product.php en Online Store System versi\u00f3n v1.0, no comprueba para visualizar si un usuario es autenticado o tiene derechos administrativos, permitiendo la eliminaci\u00f3n arbitraria del producto."
    }
  ],
  "id": "CVE-2019-8292",
  "lastModified": "2024-11-21T04:49:39.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-01T20:15:11.713",
  "references": [
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    }
  ],
  "sourceIdentifier": "larry0@me.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-8291

Vulnerability from fkie_nvd - Published: 2019-10-01 20:15 - Updated: 2024-11-21 04:49
Summary
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:online_store_system_project:online_store_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38EA240-9349-402E-BF93-8ACF3AFF4D8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
    },
    {
      "lang": "es",
      "value": "El archivo delete_file.php en Online Store System versi\u00f3n v1.0, no comprueba si un usuario posee derechos administrativos ni comprueba un salto de ruta."
    }
  ],
  "id": "CVE-2019-8291",
  "lastModified": "2024-11-21T04:49:39.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-01T20:15:11.603",
  "references": [
    {
      "source": "larry0@me.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "larry0@me.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vapidlabs.com/advisory.php?v=210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.abcprintf.com/view_download.php?id=17"
    }
  ],
  "sourceIdentifier": "larry0@me.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-8289 (GCVE-0-2019-8289)

Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: stored XSS in admin/user_view.php via the adidas_member_email variable.
Severity ?
No CVSS data available.
CWE
  • Online store system v1.0 Stored XSS.
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:31.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Online store system v1.0 Stored XSS.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:05",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8289",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Online store system v1.0 Stored XSS."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8289",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:31.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8288 (GCVE-0-2019-8288)

Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.
Severity ?
No CVSS data available.
CWE
  • Online store system v1.0 Stored XSS
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Online store system v1.0 Stored XSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:03",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8288",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Online store system v1.0 Stored XSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8288",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:30.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8291 (GCVE-0-2019-8291)

Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
In Online Store System v1.0, delete_file.php does not check whether a user has administrative rights, nor does it check for path traversal.
Severity ?
No CVSS data available.
CWE
  • unauthenticated arbitrary file deletions via path traversal
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:31.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unauthenticated arbitrary file deletions via path traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:04",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8291",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unauthenticated arbitrary file deletions via path traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8291",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:31.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8290 (GCVE-0-2019-8290)

Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: the registration form's requirements for the member email format can be bypassed by posting directly to sent_register.php, which does not sanitize user input, allowing special characters to be included and an XSS payload to be injected.
Severity ?
No CVSS data available.
CWE
  • User input not sanitized in sent_register.php.
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "User input not sanitized in sent_register.php.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:02",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8290",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "User input not sanitized in sent_register.php."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8290",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:30.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8292 (GCVE-0-2019-8292)

Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
In Online Store System v1.0, delete_product.php doesn't check whether a user is authenticated or has administrative rights, allowing arbitrary product deletion.
Severity ?
No CVSS data available.
CWE
  • unauthenticated arbitrary product deletions.
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          },
          {
            "name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
          },
          {
            "name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unauthenticated arbitrary product deletions.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-24T00:06:04",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        },
        {
          "name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
        },
        {
          "name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8292",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unauthenticated arbitrary product deletions."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            },
            {
              "name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
            },
            {
              "name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8292",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:30.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8289 (GCVE-0-2019-8289)

Vulnerability from nvd – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: stored XSS in admin/user_view.php via the adidas_member_email variable.
Severity ?
No CVSS data available.
CWE
  • Online store system v1.0 Stored XSS.
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:31.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Online store system v1.0 Stored XSS.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:05",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8289",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Online store system v1.0 Stored XSS."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8289",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:31.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8288 (GCVE-0-2019-8288)

Vulnerability from nvd – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: stored XSS in user_view.php, where the adidas_member_user variable is not sanitized.
Severity ?
No CVSS data available.
CWE
  • Online store system v1.0 Stored XSS
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Online store system v1.0 Stored XSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:03",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8288",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Online store system v1.0 Stored XSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8288",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:30.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8291 (GCVE-0-2019-8291)

Vulnerability from nvd – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
Severity ?
No CVSS data available.
CWE
  • unauthenticated arbitrary file deletions via path traversal
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:31.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unauthenticated arbitrary file deletions via path traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:04",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8291",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unauthenticated arbitrary file deletions via path traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8291",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:31.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8290 (GCVE-0-2019-8290)

Vulnerability from nvd – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: the registration form requirements for the member email format can be bypassed by posting directly to sent_register.php, allowing special characters to be included and an XSS payload to be injected.
Severity ?
No CVSS data available.
CWE
  • User input not sanitized in sent_register.php.
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "User input not sanitized in sent_register.php.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-02T14:06:02",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8290",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "User input not sanitized in sent_register.php."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8290",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:30.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8292 (GCVE-0-2019-8292)

Vulnerability from nvd – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Online Store System v1.0 delete_product.php doesn't check to see if a user is authenticated or has administrative rights, allowing arbitrary product deletion.
Severity ?
No CVSS data available.
CWE
  • unauthenticated arbitrary product deletions.
Assigner
Impacted products
Vendor Product Version
abcprintf Online Store Affected: unspecified , ≤ 1.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.abcprintf.com/view_download.php?id=17"
          },
          {
            "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
          },
          {
            "name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
          },
          {
            "name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Store",
          "vendor": "abcprintf",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unauthenticated arbitrary product deletions.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-24T00:06:04",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.abcprintf.com/view_download.php?id=17"
        },
        {
          "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
        },
        {
          "name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
        },
        {
          "name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2019-09-18",
          "ID": "CVE-2019-8292",
          "REQUESTER": "cve-request@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-09-11T12:11Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Online Store",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "abcprintf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unauthenticated arbitrary product deletions."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=210",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=210"
            },
            {
              "name": "https://www.abcprintf.com/view_download.php?id=17",
              "refsource": "MISC",
              "url": "https://www.abcprintf.com/view_download.php?id=17"
            },
            {
              "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
            },
            {
              "name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
            },
            {
              "name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2019-8292",
    "datePublished": "2019-10-01T19:53:28",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:30.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}