Lucene search
+L

269 matches found

CNNVD
CNNVD
added 2024/04/30 12:0 a.m.6 views

Simplcommerce 安全漏洞

Simplcommerce is a .Net based e-commerce platform by the individual developer of Simplcommerce. A security vulnerability exists in Simplcommerce. A remote attacker can exploit the vulnerability to execute arbitrary code in the search bar function via a specially crafted script...

7.1CVSS7.7AI score0.00459EPSS
Exploits0References2
NVD
NVD
added 2024/04/16 10:15 p.m.21 views

CVE-2024-21100

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Platform. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform...

4CVSS3.7AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2024/04/16 10:15 p.m.3 views

CVE-2024-21100

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Platform. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform...

4CVSS7.1AI score0.00347EPSS
Exploits0References1
CVE
CVE
added 2024/04/16 9:26 p.m.66 views

CVE-2024-21100

CVE-2024-21100 affects Oracle Commerce Platform (Platform component) in Oracle Commerce, specifically versions 11.3.0–11.3.2. The root cause is insufficient input validation that allows an unauthenticated attacker with network access via HTTP to compromise the platform, potentially enabling unaut...

4CVSS6.6AI score0.00347EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.6 views

PT-2024-4884 · Oracle · Oracle Commerce Platform

Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions 11.3.0 through 11.3.2 Description: The issue is related to insufficient input validation in the Oracle Commerce Platform, allowing an unauthenticated attacker with network access via HTTP to compromise the...

4CVSS7AI score0.00347EPSS
Exploits0References6
CNVD
CNVD
added 2024/04/10 12:0 a.m.7 views

SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co. Ltd (CNVD-2024-22455)

UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
CVE
CVE
added 2024/04/08 3:39 p.m.93 views

CVE-2024-31447

Shopware 6 contains an improper session handling issue in the store-api logout path. For versions 6.3.5.0 up to but not including 6.6.1.0 and 6.5.8.8, an authenticated POST to /store-api/account/logout clears the cart but does not log the user out. The issue is limited to direct store-api usage; ...

5.3CVSS5.1AI score0.00499EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/04/08 2:26 p.m.34 views

CVE-2024-31205 Saleor CSRF bypass in refreshToken mutation

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery CSRF validation when calling refresh token mutation with empty string. When a user provides an empty string...

4.2CVSS4.9AI score0.00193EPSS
Exploits0References2
OSV
OSV
added 2024/04/08 2:26 p.m.24 views

CVE-2024-31205 Saleor CSRF bypass in refreshToken mutation

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery CSRF validation when calling refresh token mutation with empty string. When a user provides an empty string...

4.2CVSS6.8AI score0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/27 6:53 p.m.42 views

CVE-2024-29888 Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method

Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue...

4.2CVSS4.7AI score0.00537EPSS
Exploits0References11
NVD
NVD
added 2024/01/16 11:15 p.m.41 views

CVE-2024-22407

Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...

6.5CVSS5.4AI score0.004EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/08 12:0 a.m.6 views

EverShop Security Breach

EverShop is EverShop open source a NodeJS e-commerce platform. A security vulnerability exists in EverShop versions prior to v.1.0.0-rc.5. A remote attacker can exploit this vulnerability to obtain sensitive information from the admin panel via a specially crafted script...

6.1CVSS6.4AI score0.00494EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/01 12:0 a.m.6 views

Infosoftbd Clcknshop SQL Injection Vulnerability

Infosoftbd Clcknshop is a multi-tenant/multi-tenant SAAS based e-commerce platform from Infosoftbd. Infosoftbd Clcknshop suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter tag can lead to sql injection...

9.8CVSS8.4AI score0.45639EPSS
Exploits3References6
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.5 views

SAP Commerce Security Breach

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. A security vulnerability exists in SAP Commerce that originates from a null password that could accept user ID and password...

9.8CVSS6.7AI score0.00614EPSS
Exploits0References4
Huntr
Huntr
added 2023/06/09 4:16 p.m.19 views

Security vulnerability in product bundling feature

Description Our e-commerce platform offers a bundled sales promotion feature, allowing an administrator to bind the sale of a product to an addon. However, we have identified a security vulnerability that exists in this feature. After an administrator cancels a bundle offer, users can still make...

3.5CVSS6.8AI score0.00407EPSS
Exploits1
NVD
NVD
added 2023/05/20 10:15 a.m.23 views

CVE-2023-2712

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...

9.8CVSS9.6AI score0.01344EPSS
Exploits0References2
Prion
Prion
added 2023/05/20 10:15 a.m.14 views

Authorization

Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15...

7.5CVSS9.5AI score0.00765EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/20 9:52 a.m.24 views

CVE-2023-2713 IDOR vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.

Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15...

9.8CVSS9.7AI score0.00765EPSS
Exploits0References2
CVE
CVE
added 2023/05/20 9:52 a.m.42 views

CVE-2023-2713

CVE-2023-2713 describes an Authorization Bypass Through a User-Controlled Key in the Rental Module of Ideasoft’s E‑commerce Platform. The vulnerability allows Authentication Bypass in Rental Module versions prior to 23.05.15 due to misuse of a user-controlled key, enabling unauthorized access. Pu...

9.8CVSS7.3AI score0.00765EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/20 9:49 a.m.28 views

CVE-2023-2712 Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...

9.8CVSS9.7AI score0.01344EPSS
Exploits0References2
Rows per page
Query Builder