20 matches found
EUVD-2026-16110
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit h...
CVE-2026-4841
CVE-2026-4841 affects the code-projects Online Food Ordering System 1.0, specifically the Shopping Cart Module’s cart.php (form/cart.php). A vulnerability arises from manipulating the del argument, enabling a SQL injection. The issue is exploitable remotely and the exploit is publicly available. ...
CVE-2026-4841 code-projects Online Food Ordering System Shopping Cart cart.php sql injection
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit h...
PT-2026-28205
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit h...
CVE-2026-0584
A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-0584 code-projects Online Product Reservation System left_cart.php sql injection
A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-0584
CVE-2026-0584 affects code-projects Online Product Reservation System 1.0. The vulnerability resides in the file app/products/left_cart.php where improper handling of the ID parameter enables SQL injection. This allows remote exploitation; multiple sources indicate the exploit is publicly availab...
PT-2026-1255
Name of the Vulnerable Software and Affected Versions: code-projects Online Product Reservation System version 1.0 Description: A flaw exists in the processing of the app/products/left_cart.php file. Manipulation of the ID argument can lead to SQL injection. Remote exploitation is possible. The...
CVE-2024-44661
PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php...
CVE-2025-11430
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-11430 SourceCodester Simple E-Commerce Bookstore cart.php sql injection
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
EUVD-2025-28716
Malicious code in bioql PyPI...
CVE-2025-50848
A file upload vulnerability was discovered in CS Cart 4.18.3 that allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious...
Online Shoe Store cart2.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /cart2.php. An attacker can exploit this vulnerability to execute illegal...
code-projects Online Shoe Store Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter qty in the file /cart.php. The vulnerability can be exploited to execute illegal SQL...
CVE-2024-3003
A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The...
CVE-2025-4930
A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The manipulation of the argument billingaddress leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
PT-2025-3772 · Unknown · Code-Projects Point Of Sales/Inventory Management System
Name of the Vulnerable Software and Affected Versions: code-projects Point of Sales and Inventory Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /user/minus cart.php. The manipulation of the id argument leads to SQL...
Multiple cross-site scripting vulnerabilities in X-CART 'xcart/cart.php'
X-CART is PHP shopping cart software. X-CART 'xcart/cart.php' has multiple cross-site scripting vulnerabilities because it fails to adequately clean up user-supplied input. An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of an affected user's unawar...
PT-2009-1520 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 and earlier Description: The issue allows remote attackers to hijack web sessions by setting the XTCsid parameter in the shopping cart.php file. This enables attackers to take control of user sessions, potentially...