Collne Inc Welcart E-Commerce vulnerabilities

12 known vulnerabilities affecting collne_inc/welcart_e-commerce.

Total CVEs: 12
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 8

Vulnerabilities

CVE-2023-50847 | HIGH | CVSS 7.2 | ≥ n/a, ≤ 2.9.3 | 2023-12-28
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.3.
Sources: cvelistv5, nvd
CVE-2023-43610 | HIGH | CVSS 8.8 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-89: SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
Sources: cvelistv5, nvd
CVE-2023-40219 | HIGH | CVSS 7.2 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-434: Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
Sources: cvelistv5, nvd
CVE-2023-43493 | MEDIUM | CVSS 4.9 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-89: SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.
Sources: cvelistv5, nvd
CVE-2023-43484 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-79: Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
Sources: cvelistv5, nvd
CVE-2023-40532 | MEDIUM | CVSS 4.3 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-22: Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
Sources: cvelistv5, nvd
CVE-2023-41233 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-79: Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
Sources: cvelistv5, nvd
CVE-2023-41962 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-79: Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
Sources: cvelistv5, nvd
CVE-2023-43614 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
CWE-79: Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
Sources: cvelistv5, nvd
CVE-2023-22705 | MEDIUM | CVSS 6.1 | ≥ n/a, ≤ 2.8.10 | 2023-03-29
CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
Sources: cvelistv5, nvd
CVE-2022-41840 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.7.7 | 2022-11-18
CWE-22: Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Sources: cvelistv5, nvd
CVE-2021-20734 | MEDIUM | CVSS 6.1 | versions prior to 2.2.4 | 2021-06-22
CWE-79: Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Sources: cvelistv5, nvd