Online Clothing Store Project Online Clothing Store — known CVE vulnerabilities
Every CVE whose affected-product data names Online Clothing Store Project Online Clothing Store, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-28138 — CVSS 9.8 (critical): SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.
CVE-2020-28140 — CVSS 9.8 (critical): SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
CVE-2020-28139 — CVSS 6.1 (medium): SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.