Online Store Security Vulnerabilities

CVE-2022-30385

Merchandise Online Store v1.0 is vulnerable to SQL Injection via...

CVE-2022-30403

Merchandise Online Store v1.0 is vulnerable to SQL Injection via...

CVE-2022-30392

Merchandise Online Store v1.0 is vulnerable to SQL Injection via...

CVE-2022-30391

Merchandise Online Store v1.0 is vulnerable to SQL Injection via...

CVE-2022-30386

Merchandise Online Store v1.0 is vulnerable to SQL Injection via...

CVE-2022-30399

Merchandise Online Store v1.0 is vulnerable to SQL Injection via...

CVE-2022-30381

Merchandise Online Store v1.0 is vulnerable to file deletion via...

CVE-2022-30387

Merchandise Online Store v1.0 is vulnerable to SQL Injection via...

CVE-2022-25395

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/...

CVE-2022-25396

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search...

CVE-2020-36064

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if...

CVE-2020-35398

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are...

CVE-2021-43156

In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any...

CVE-2021-43155

Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in...

CVE-2020-19112

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary...

CVE-2020-19111

Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive...

CVE-2020-19114

SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary...

CVE-2020-19109

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary...

CVE-2020-19113

Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code...

CVE-2020-19108

SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary...

CVE-2020-19110

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary...

CVE-2020-19107

SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary...

CVE-2020-23763

SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass...

CVE-2021-28294

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution...

CVE-2020-36003

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all...

CVE-2020-28139

SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in...

CVE-2020-28140

SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of...

CVE-2020-28138

SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to...

CVE-2020-24115

In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel...

CVE-2020-10224

An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command...

CVE-2019-8289

Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email...

CVE-2019-8288

Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not...

CVE-2019-8291

Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path...

CVE-2019-8292

Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product...

CVE-2019-8290

Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be...

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary...

CVE-2008-5802

SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id...

CVE-2008-5803

SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party...

CVE-2008-2634

SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item...

CVE-2007-4109

SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password...