Filtered by vendor Behance
Subscriptions
Filtered by product Smartshop
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25340 | 1 Behance | 1 Smartshop | 2026-05-25 | 8.2 High |
| Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data. | ||||
| CVE-2018-25341 | 1 Behance | 1 Smartshop | 2026-05-25 | 8.2 High |
| Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and database names. | ||||
| CVE-2018-25342 | 1 Behance | 1 Smartshop | 2026-05-25 | 8.2 High |
| Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data. | ||||
| CVE-2018-25343 | 1 Behance | 1 Smartshop | 2026-05-25 | 4.3 Medium |
| Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user. | ||||
Page 1 of 1.