19 matches found
CVE-2018-25161
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
EUVD-2020-26482
Malware in sbrugna...
CVE-2025-10446
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custsearchfrm.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely...
CVE-2025-10446 Campcodes Computer Sales and Inventory System cust_searchfrm.php sql injection
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custsearchfrm.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely...
CVE-2020-5287
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5...
CVE-2020-2874
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite component: Customer Search. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successf...
CVE-2024-9976
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/managecustomer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The...
Code-Projects Pharmacy Management System SQL Injection Vulnerability
Code-Projects Pharmacy Management System is a Code-Projects open source pharmacy management system. Code-Projects Pharmacy Management System version 1.0 suffers from a SQL injection vulnerability, which originates from the parameter text in the file /php/managecustomer.php?action=search that can...
WordPress WP eStore plugin < 8.5.6 - Reflected XSS in Customer Search vulnerability
Reflected XSS in Customer Search vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.6...
CVE-2024-6133 WP eStore < 8.5.6 - Reflected XSS in Customer Search
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6133 WP eStore < 8.5.6 - Reflected XSS in Customer Search
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6133
The vulnerability CVE-2024-6133 affects the WordPress plugin wp-cart-for-digital-products (pre-8.5.6). The issue is a Reflected Cross-Site Scripting flaw where a parameter is not sanitized/escaped before output, potentially affecting high-privilege users (e.g., admins). Root cause: inadequate inp...
CVE-2020-5287
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5...
CVE-2020-2874
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite component: Customer Search. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successf...
CVE-2020-2874
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite component: Customer Search. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successf...
CVE-2020-2874
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite component: Customer Search. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successf...
Warranty Tracking System 11.06.3 - txtCustomerCode SQL Injection
Warranty Tracking System 11.06.3 - txtCustomerCode SQL Injection Exploit Title: Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://warrantytrack.org/ Software Link:...
Warranty Tracking System 11.06.3 SQL Injection
Exploit Title: Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://warrantytrack.org/ Software Link: https://kent.dl.sourceforge.net/project/warrantytrack/warrantytrack%20Rel.11.06.3.zip Version: 11.06....
Shopify: Stored XSS via "Free Shipping" option (Discounts)
POC steps: 1 Go to the customers page and add a new search group named as "img src=x onerror=prompt7 see img1.png 2 Go to the discounts page, create a new discount code and mark the "Free Shipping" option. 3 Open a web proxy i.e. tamper data and press the "save discount" button. 4 Through the web...