Search criteria
18 vulnerabilities found for shop_beat_media_player by shopbeat
FKIE_CVE-2022-36250
Vulnerability from fkie_nvd - Published: 2023-05-30 20:15 - Updated: 2025-01-13 21:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shopbeat | shop_beat_media_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E",
"versionEndExcluding": "3.2.57",
"versionStartIncluding": "2.5.95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF)."
}
],
"id": "CVE-2022-36250",
"lastModified": "2025-01-13T21:15:09.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-30T20:15:09.880",
"references": [
{
"source": "support@shopbeat.co.za",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
}
],
"sourceIdentifier": "support@shopbeat.co.za",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "support@shopbeat.co.za",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-36249
Vulnerability from fkie_nvd - Published: 2023-05-30 20:15 - Updated: 2025-01-13 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shopbeat | shop_beat_media_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E",
"versionEndExcluding": "3.2.57",
"versionStartIncluding": "2.5.95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. \"After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level."
}
],
"id": "CVE-2022-36249",
"lastModified": "2025-01-13T21:15:09.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-30T20:15:09.823",
"references": [
{
"source": "support@shopbeat.co.za",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
}
],
"sourceIdentifier": "support@shopbeat.co.za",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "support@shopbeat.co.za",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-36244
Vulnerability from fkie_nvd - Published: 2023-05-30 20:15 - Updated: 2025-01-13 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shopbeat | shop_beat_media_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E",
"versionEndExcluding": "3.2.57",
"versionStartIncluding": "2.5.95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za."
}
],
"id": "CVE-2022-36244",
"lastModified": "2025-01-13T21:15:08.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-30T20:15:09.660",
"references": [
{
"source": "support@shopbeat.co.za",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
}
],
"sourceIdentifier": "support@shopbeat.co.za",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@shopbeat.co.za",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-36247
Vulnerability from fkie_nvd - Published: 2023-05-30 20:15 - Updated: 2025-01-13 21:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shopbeat | shop_beat_media_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E",
"versionEndExcluding": "3.2.57",
"versionStartIncluding": "2.5.95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za."
}
],
"id": "CVE-2022-36247",
"lastModified": "2025-01-13T21:15:09.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-30T20:15:09.780",
"references": [
{
"source": "support@shopbeat.co.za",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
}
],
"sourceIdentifier": "support@shopbeat.co.za",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-36243
Vulnerability from fkie_nvd - Published: 2023-05-30 20:15 - Updated: 2025-01-13 21:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shopbeat | shop_beat_media_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E",
"versionEndExcluding": "3.2.57",
"versionStartIncluding": "2.5.95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."
}
],
"id": "CVE-2022-36243",
"lastModified": "2025-01-13T21:15:08.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-30T20:15:09.587",
"references": [
{
"source": "support@shopbeat.co.za",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
}
],
"sourceIdentifier": "support@shopbeat.co.za",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-548"
}
],
"source": "support@shopbeat.co.za",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-36246
Vulnerability from fkie_nvd - Published: 2023-05-30 20:15 - Updated: 2025-01-13 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shopbeat | shop_beat_media_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E",
"versionEndExcluding": "3.2.57",
"versionStartIncluding": "2.5.95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions."
}
],
"id": "CVE-2022-36246",
"lastModified": "2025-01-13T21:15:08.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-30T20:15:09.720",
"references": [
{
"source": "support@shopbeat.co.za",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.shopbeat.co.za"
}
],
"sourceIdentifier": "support@shopbeat.co.za",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "support@shopbeat.co.za",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-36250 (GCVE-0-2022-36250)
Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:50
VLAI?
Title
Cross Site Request Forgery on Shop Beat Services
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF).
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:50:25.904838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:50:36.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Cross Site Request Forgery on Shop Beat Services",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36250",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:50:36.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36247 (GCVE-0-2022-36247)
Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:53
VLAI?
Title
Shop Beat Services Vulnerable To IDOR
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.
Severity ?
9.1 (Critical)
CWE
- By modifying IDOR data on controlpanel.shopbeat.co.za an attacker could manipulate unauthorised assets.
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:53:17.166252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:53:20.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "By modifying IDOR data on controlpanel.shopbeat.co.za an attacker could manipulate unauthorised assets.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Shop Beat Services Vulnerable To IDOR",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36247",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:53:20.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36249 (GCVE-0-2022-36249)
Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:51
VLAI?
Title
Shop Beat Services Vulnerable To Bypass 2FA via APIs
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
Severity ?
5.4 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:51:16.299285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:51:29.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. \"After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Shop Beat Services Vulnerable To Bypass 2FA via APIs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36249",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:51:29.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36246 (GCVE-0-2022-36246)
Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:54
VLAI?
Title
Shop Beat Services Vulnerable To Insecure Permissions
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.
Severity ?
9.8 (Critical)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:53:44.152916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:54:08.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Shop Beat Services Vulnerable To Insecure Permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36246",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:54:08.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36244 (GCVE-0-2022-36244)
Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:55
VLAI?
Title
Multiple Stored Cross-Site Scripting Vulnerabilities on Shop Beat Services
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:54:31.662739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:55:19.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple Stored Cross-Site Scripting Vulnerabilities on Shop Beat Services",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36244",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:55:19.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36243 (GCVE-0-2022-36243)
Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:56
VLAI?
Title
Directory Traversal on Shop Beat Services
Summary
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.
Severity ?
5.3 (Medium)
CWE
- CWE-548 - Information Exposure Through Directory Listing
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:56:00.626503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:56:36.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548 Information Exposure Through Directory Listing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Directory Traversal on Shop Beat Services",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36243",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:56:36.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36250 (GCVE-0-2022-36250)
Vulnerability from nvd – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:50
VLAI?
Title
Cross Site Request Forgery on Shop Beat Services
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF).
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:50:25.904838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:50:36.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Cross Site Request Forgery on Shop Beat Services",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36250",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:50:36.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36247 (GCVE-0-2022-36247)
Vulnerability from nvd – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:53
VLAI?
Title
Shop Beat Services Vulnerable To IDOR
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.
Severity ?
9.1 (Critical)
CWE
- By modifying IDOR data on controlpanel.shopbeat.co.za an attacker could manipulate unauthorised assets.
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:53:17.166252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:53:20.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "By modifying IDOR data on controlpanel.shopbeat.co.za an attacker could manipulate unauthorised assets.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Shop Beat Services Vulnerable To IDOR",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36247",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:53:20.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36249 (GCVE-0-2022-36249)
Vulnerability from nvd – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:51
VLAI?
Title
Shop Beat Services Vulnerable To Bypass 2FA via APIs
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
Severity ?
5.4 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:51:16.299285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:51:29.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. \"After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Shop Beat Services Vulnerable To Bypass 2FA via APIs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36249",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:51:29.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36246 (GCVE-0-2022-36246)
Vulnerability from nvd – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:54
VLAI?
Title
Shop Beat Services Vulnerable To Insecure Permissions
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.
Severity ?
9.8 (Critical)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:53:44.152916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:54:08.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Shop Beat Services Vulnerable To Insecure Permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36246",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:54:08.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36244 (GCVE-0-2022-36244)
Vulnerability from nvd – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:55
VLAI?
Title
Multiple Stored Cross-Site Scripting Vulnerabilities on Shop Beat Services
Summary
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:54:31.662739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:55:19.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple Stored Cross-Site Scripting Vulnerabilities on Shop Beat Services",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36244",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:55:19.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36243 (GCVE-0-2022-36243)
Vulnerability from nvd – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:56
VLAI?
Title
Directory Traversal on Shop Beat Services
Summary
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.
Severity ?
5.3 (Medium)
CWE
- CWE-548 - Information Exposure Through Directory Listing
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.shopbeat.co.za"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:56:00.626503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:56:36.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"arm"
],
"product": "studio",
"vendor": "Shop Beat",
"versions": [
{
"lessThan": "3.2.57",
"status": "affected",
"version": "studio",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."
}
],
"datePublic": "2023-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548 Information Exposure Through Directory Listing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"shortName": "ShopBeat"
},
"references": [
{
"url": "https://www.shopbeat.co.za"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Directory Traversal on Shop Beat Services",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad",
"assignerShortName": "ShopBeat",
"cveId": "CVE-2022-36243",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2025-01-13T20:56:36.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}