caffeinated-labs

3 exploits Active since Apr 2024
CVE-2023-36643 NOMISEC HIGH NO CODE
ITB-GmbH TradePro <9.5 - Info Disclosure
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function.
CVSS 7.5
CVE-2023-36644 NOMISEC HIGH SCANNER
ITB-GmbH TradePro <9.5 - Info Disclosure
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.
CVSS 7.5
CVE-2023-36645 NOMISEC CRITICAL NO CODE
ITB-GmbH TradePro <9.5 - SQL Injection
SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function.
CVSS 9.1