Sparkshop

sparkshop

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-50722 1Sparkshop 1Sparkshop Sep 9, 2025 Aug 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component
CVE-2024-57685 1Sparkshop 1Sparkshop Mar 25, 2025 Feb 24, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.
CVE-2024-48107 1Sparkshop 1Sparkshop Apr 18, 2025 Oct 28, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intrane...Show more SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.Show less
CVE-2024-46307 1Sparkshop 1Sparkshop Oct 15, 2024 Oct 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
CVE-2024-40425 1Sparkshop 1Sparkshop Apr 28, 2025 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.