Shop Beat Security Advisory Notices

Shop Beat Solutions Pty Ltd

16 May 2023

CVE Records & Notices

CVE-2022-36243 - Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za.

CVE-2022-36250 & CVE-2022-36244 - Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffered from multiple stored Cross-Site Scripting (XSS) vulnerabilities via the Shop Beat Control Panel found at www.shopbeat.co.za/controlpanel.shopbeat.co.za.

CVE-2022-36246 - Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.

CVE-2022-36247 - Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Direct Object Reference (IDOR) via controlpanel.shopbeat.co.za.

CVE-2022-36249 - Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to 2FA bypass via APIs.

Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discoveries.