Lucene search
+L

133 matches found

cvelist
cvelist
added 2026/07/06 5:45 a.m.39 views

CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS0.00204EPSS
Exploits0References6
euvd
euvd
added 2026/07/05 7:45 p.m.7 views

EUVD-2026-41777

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/05 12:0 a.m.10 views

PT-2026-55819

Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An SQL injection flaw exists in the POST Parameter Handler component within the file /ecommerce-website-php/customer/confirm.php. A remote attacker can exploit this by manipulating the invoic...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References12
cvelist
cvelist
added 2026/07/04 6:0 p.m.35 views

CVE-2026-14639 CodeAstro Ecommerce Website my_account.php sql injection

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
euvd
euvd
added 2026/05/14 9:25 a.m.17 views

EUVD-2026-30264

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.10 views

PT-2026-40900

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS5.8AI score0.00358EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 10:16 a.m.11 views

CVE-2025-6577

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS0.0026EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:49 a.m.11 views

CVE-2022-27357

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customerregister.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

9.8CVSS8.2AI score0.03333EPSS
Exploits3References1
redhatcve
redhatcve
added 2026/01/07 9:48 a.m.8 views

CVE-2022-27346

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS8.2AI score0.02539EPSS
Exploits3References1
redhatcve
redhatcve
added 2026/01/07 9:48 a.m.8 views

CVE-2022-27436

A cross-site scripting XSS vulnerability in /public/admin/index.php?adduser at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field...

4.8CVSS5.8AI score0.00976EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/12/03 3:6 p.m.4 views

CVE-2025-13793

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...

5.3CVSS5.1AI score0.0027EPSS
Exploits0References1
euvd
euvd
added 2025/11/30 6:30 p.m.5 views

EUVD-2025-199937

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...

5.3CVSS4.8AI score0.0027EPSS
Exploits0References5
nvd
nvd
added 2025/11/30 5:15 p.m.6 views

CVE-2025-13793

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...

5.3CVSS0.0027EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/11/30 5:2 p.m.3 views

CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...

5.3CVSS4.9AI score0.0027EPSS
Exploits0References4
cvelist
cvelist
added 2025/11/30 5:2 p.m.16 views

CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...

5.3CVSS0.0027EPSS
Exploits0References4
cve
cve
added 2025/11/30 5:2 p.m.15 views

CVE-2025-13793

The CVE concerns winston-dsouza Ecommerce-Website (up to build 87734c043269baac0b4cfe9664784462138b1b2e) with a weakness in the /includes/header_menu.php component, specifically in the GET Parameter Handler. Manipulating the argument Error can trigger cross-site scripting. The issue is exploitabl...

5.3CVSS3.7AI score0.0027EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/30 12:0 a.m.5 views

Ecommerce-Website 代码注入漏洞

Ecommerce-Website is a full-fledged e-commerce website by Winston Dsouza Individual Developer with an admin panel built using PHP and MySql. A code injection vulnerability exists in Ecommerce-Website, which stems from the incorrect operation of the parameter Error in the file...

5.3CVSS5AI score0.0027EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/11/18 12:11 a.m.7 views

CVE-2024-44652

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail, username, userfirstname, userlastname, and useraddress parameters in userregister.php...

6.5CVSS8AI score0.00235EPSS
Exploits1References1
nvd
nvd
added 2025/11/17 6:15 p.m.9 views

CVE-2024-44653

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...

6.5CVSS0.00235EPSS
Exploits1References2
osv
osv
added 2025/11/17 6:15 p.m.5 views

CVE-2024-44651

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recoveremail parameter in userpasswordrecover.php...

6.5CVSS5.8AI score0.00235EPSS
Exploits1References2
Rows per page
Query Builder