269 matches found
Simplcommerce 安全漏洞
Simplcommerce is a .Net based e-commerce platform by the individual developer of Simplcommerce. A security vulnerability exists in Simplcommerce. A remote attacker can exploit the vulnerability to execute arbitrary code in the search bar function via a specially crafted script...
CVE-2024-21100
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Platform. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform...
CVE-2024-21100
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Platform. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform...
CVE-2024-21100
CVE-2024-21100 affects Oracle Commerce Platform (Platform component) in Oracle Commerce, specifically versions 11.3.0–11.3.2. The root cause is insufficient input validation that allows an unauthenticated attacker with network access via HTTP to compromise the platform, potentially enabling unaut...
PT-2024-4884 · Oracle · Oracle Commerce Platform
Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions 11.3.0 through 11.3.2 Description: The issue is related to insufficient input validation in the Oracle Commerce Platform, allowing an unauthenticated attacker with network access via HTTP to compromise the...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co. Ltd (CNVD-2024-22455)
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
CVE-2024-31447
Shopware 6 contains an improper session handling issue in the store-api logout path. For versions 6.3.5.0 up to but not including 6.6.1.0 and 6.5.8.8, an authenticated POST to /store-api/account/logout clears the cart but does not log the user out. The issue is limited to direct store-api usage; ...
CVE-2024-31205 Saleor CSRF bypass in refreshToken mutation
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery CSRF validation when calling refresh token mutation with empty string. When a user provides an empty string...
CVE-2024-31205 Saleor CSRF bypass in refreshToken mutation
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery CSRF validation when calling refresh token mutation with empty string. When a user provides an empty string...
CVE-2024-29888 Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue...
CVE-2024-22407
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...
EverShop Security Breach
EverShop is EverShop open source a NodeJS e-commerce platform. A security vulnerability exists in EverShop versions prior to v.1.0.0-rc.5. A remote attacker can exploit this vulnerability to obtain sensitive information from the admin panel via a specially crafted script...
Infosoftbd Clcknshop SQL Injection Vulnerability
Infosoftbd Clcknshop is a multi-tenant/multi-tenant SAAS based e-commerce platform from Infosoftbd. Infosoftbd Clcknshop suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter tag can lead to sql injection...
SAP Commerce Security Breach
SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. A security vulnerability exists in SAP Commerce that originates from a null password that could accept user ID and password...
Security vulnerability in product bundling feature
Description Our e-commerce platform offers a bundled sales promotion feature, allowing an administrator to bind the sale of a product to an addon. However, we have identified a security vulnerability that exists in this feature. After an administrator cancels a bundle offer, users can still make...
CVE-2023-2712
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...
Authorization
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15...
CVE-2023-2713 IDOR vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15...
CVE-2023-2713
CVE-2023-2713 describes an Authorization Bypass Through a User-Controlled Key in the Rental Module of Ideasoft’s E‑commerce Platform. The vulnerability allows Authentication Bypass in Rental Module versions prior to 23.05.15 due to misuse of a user-controlled key, enabling unauthorized access. Pu...
CVE-2023-2712 Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...