Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.
5.4CVSS
5.3AI Score
0.001EPSS
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.
5.3CVSS
5.3AI Score
0.001EPSS
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.
6.5CVSS
6.4AI Score
0.001EPSS
7.2CVSS
7AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.003EPSS
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.
6.1CVSS
6AI Score
0.001EPSS
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. T...
5.6CVSS
6AI Score
0.0004EPSS