E-Commerce Security Vulnerabilities


CVE-2001-0614

Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.

7.7 AI Score

0.022 EPSS

2001-08-22 04:00 AM
37

CVE-2007-6292

SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

8.4 AI Score

0.001 EPSS

2007-12-10 06:46 PM
21

CVE-2014-10016

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_deliver...

6 AI Score

0.002 EPSS

2015-01-13 11:59 AM
25

CVE-2014-10017

Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.

8.8 AI Score

0.002 EPSS

2015-01-13 11:59 AM
17

CVE-2019-0298

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-05-14 09:29 PM
29

CVE-2019-0308

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even...

6.8 CVSS

6.5 AI Score

0.001 EPSS

2019-06-12 03:29 PM
31

CVE-2023-3898

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1.

9.8 CVSS

9.7 AI Score

0.001 EPSS

2023-08-08 09:15 AM
28

CVE-2023-4674

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this ...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-12-29 03:15 PM
11