CMS MADE SIMPLE FORGE

SimpleShop

 

[#12509] Stored XSS + SQL injection

Created By: Marco Nappi (mrcnpp)
Date Submitted: Thu Jan 06 07:30:59 -0500 2022

Assigned To: Yuri Haperski (cmsms)
Version: None
CMSMS Version: None
Severity: Critical
Resolution: None
State: Open
Summary:
Stored XSS + SQL injection
Detailed Description:
The module is vulnerable to stored XSS and to an SQL injection.


History

Comments
Date: 2022-01-06 08:24
Posted By: Yuri Haperski (cmsms)

Could you write me some examples to wdwp@ya.ru?
      
Date: 2022-01-06 09:34
Posted By: Yuri Haperski (cmsms)

Thank you, Marco. This is not critical, because the admin panel is for
authorized users only. If you find vulnerabilities in the front-end, I would be
very grateful.