19 matches found
EUVD-2024-51250
Malicious code in bioql PyPI...
CVE-2024-12991
A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert5888%3E leads ...
CVE-2024-12991
CVE-2024-12991 affects Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. The vulnerable component is the file /home-order, where the parameter orderStatus can be manipulated to trigger a cross-site scripting (XSS) attack. The payload shown in reports, %22%3E%3Csvg%20onload=alert(58...
CVE-2024-12991 Beijing Longda Jushang Technology DBShop商城系统 home-order cross site scripting
A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert5888%3E leads ...
PT-2024-17854 · Beijing Longda Jushang Technology · Dbshop市场系统
Name of the Vulnerable Software and Affected Versions: Beijing Longda Jushang Technology DBShop商城系统 version 3.3 Release 231225 Description: A cross-site scripting issue affects the /home-order file, where manipulating the orderStatus argument with a specific input leads to cross-site scripting. T...
DBShop Code Injection Vulnerability
DBShop is a generation of e-commerce system from China Longda Vantage DBShop Company. A code injection vulnerability exists in DBShop 3.3 Release 231225. An attacker exploits this vulnerability to cause a cross-site scripting attack by using the input %22%3E%3Csvg%20onload=alert5888%3E incorrectl...
SQL Injection Vulnerability in DBShop
DBShop is an e-commerce system. DBShop suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
DBShop is vulnerable to XSS
DBShop is an e-commerce system. DBShop suffers from an XSS vulnerability that can be exploited by an attacker to obtain an administrator cookie...
SQL Injection Vulnerability in DBShop System
DBShop is an e-commerce system. A SQL injection vulnerability exists in the DBShop system, which can be exploited by attackers to obtain sensitive information from the database...
Command execution vulnerability in DBShop system (CNVD-2019-23860)
DBShop is an e-commerce system. A command execution vulnerability exists in the DBShop system that can be exploited by an attacker to gain server privileges...
SQL injection vulnerability in DBShop frontend Go***.php file
DBShop is an e-commerce system. A SQL injection vulnerability exists in the DBShop frontend Go.php file. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in DBShop search_content Parameter
DBShop is a new-generation e-commerce system developed on the official PHP ZendFramework 2 framework, with perfect support for PHP7. A SQL injection vulnerability exists in the DBShop search_content parameter because the program fails to filter user input data. An attacker can exploit...
DBShop e-commerce system has SQL injection vulnerability in the frontend
DBShop is a new-generation e-commerce system developed on the official PHP ZendFramework 2 framework. A SQL injection vulnerability exists in the frontend of the DBShop e-commerce system. An attacker can exploit the vulnerability to obtain database information...
Logic Design Flaw Vulnerability in DBSHOP_0.9.3_Beta
DBShop is an open source e-commerce online store system developed using ZendFramework. A logic design flaw vulnerability exists in DBSHOP_0.9.3_Beta at /module/Mobile/src/Mobile/Controller/HomeController.php. As the POST parameters are passed to $passArray to determine whether the original...
Logic design flaw vulnerability at DBSHOP_0.9.3_Beta /module/Shopfront/src/Shopfront/Controller/CartController.php
DBShop is an open source e-commerce online store system developed using ZendFramework. A logic design flaw vulnerability exists in DBSHOP_0.9.3_Beta at /module/Shopfront/src/Shopfront/Controller/CartController.php. When adding an order, it fails to determine the quantity of the product and directly...
Stored Cross-Site Scripting Vulnerability in DBSHOP_0.9.3_Beta
DBShop is an open source e-commerce online store system developed using ZendFramework. A stored cross-site scripting vulnerability exists in DBSHOP_0.9.3_Beta at /module/Goods/view/goods/ask/index.phtml. Due to the failure to handle the output to the page of the inquiry response, the content is directl...
SQL Injection Vulnerability in DBSHOP_0.9.3_Beta Frontend
DBShop is an open source e-commerce online store system developed using ZendFramework. A SQL injection vulnerability exists in the DBSHOP_0.9.3_Beta frontend. Because the id parameter in /module/Shopfront/src/Shopfront/Controller/ArticleController.php is spliced into infoArticle without quotation-mark filtering,...
SQL Injection Vulnerability in DBSHOP_0.9.3_Beta goodsSearchAction Function
DBShop is an open source e-commerce online store system developed using ZendFramework. A SQL injection vulnerability exists in the DBSHOP_0.9.3_Beta goodsSearchAction function. After the parameters timesort, clicksort and pricesort are obtained, the key name and key value are spliced into the SQL statement to bring ...
An SQL injection vulnerability exists in the DBSHOP_0.9.3_Beta getQuery() function.
DBShop is an open source e-commerce online store system developed using ZendFramework. DBSHOP_0.9.3_Beta suffers from a SQL injection vulnerability. In /DBSHOP/module/Shopfront/src/Shopfront/Controller/GoodslistController.php, indexAction first gets all the parameters through getQuery,...