Online Store System Project Online Store System — known CVE vulnerabilities
Every CVE whose affected-product data names Online Store System Project Online Store System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-8291 — CVSS 7.5 (high): Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
CVE-2019-8290 — CVSS 6.1 (medium): Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to…
CVE-2019-8288 — CVSS 5.4 (medium): Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.
CVE-2019-8289 — CVSS 5.4 (medium): Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable
CVE-2019-8292 — CVSS 5.3 (medium): Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary…