Tp Shop

tp-shop

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-18164 1Tp Shop 1Tp Shop Nov 21, 2024 Aug 17, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.
CVE-2018-9919 1Tp Shop 1Tp Shop Nov 21, 2024 May 2, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, b...Show more A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter.Show less
CVE-2017-16614 1Tp Shop 1Tpshop Nov 21, 2024 Mar 30, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib...Show more SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.Show less