← Back

Tp Shop

tp-shop

Vendor: Tp Shop • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-18164
1Tp Shop
1Tp Shop
Nov 21, 2024
Aug 17, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.
CVE-2018-9919
1Tp Shop
1Tp Shop
Nov 21, 2024
May 2, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, b...Show more
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter.Show less