Shoppingtree Candypress Store — known CVE vulnerabilities
Every CVE whose affected-product data names Shoppingtree Candypress Store, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2008-0546 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary…
CVE-2008-0737 — CVSS 7.5 (high): SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote…
CVE-2008-0738 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary…
CVE-2008-0739 — CVSS 7.5 (high): SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote…
CVE-2008-0736 — CVSS 5.0 (medium): admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the…
CVE-2008-0547 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x…