153 matches found
PT-2026-35823
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save user of the file /admin/ajax.php?action=save user. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...
PT-2026-35822
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save order of the file /admin/ajax.php?action=save order. Performing a manipulation of the argument first name results in cross site scripting. Remote exploitation of the attack is possible. The...
PT-2026-35705
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get cart items of the file /admin/ajax.php?action=get cart items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has bee...
PT-2026-35712
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save category of the file /admin/ajax.php?action=save category. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been...
SourceCodester Pizzafy Ecommerce System 注入漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the ID parameter in the getcartcount function of the...
SourceCodester Pizzafy Ecommerce System 跨站脚本漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a cross-site scripting vulnerability. This vulnerability arises from the parameter Name in the saveuser function in the file...
mall 授权问题漏洞
Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization issues and vulnerabilities. These vulnerabilities stemmed from authentication flaws in the...
CVE-2025-12291
A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?addproduct of the component Add Product Page. The manipulation results in unrestricted upload. The attack may be performed from remote...
CVE-2025-12291 ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted upload
A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?addproduct of the component Add Product Page. The manipulation results in unrestricted upload. The attack may be performed from remote...
mall 安全漏洞
mall is an e-commerce system for macro individual developers, including the front-end mall system and the back-end management system. A security vulnerability exists in mall 1.0.3 and earlier versions, which stems from an issue with the transmission of sensitive information in clear text...
Cross-site Scripting (XSS)
Overview shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple pages when handling the lang or systemtype arguments. An attacker can inject and execute arbitrary scripts in the context of a user's browser by supplying...
mall 安全漏洞
mall is an e-commerce system for macro individual developers, including a frontend mall system and a backend management system. A security vulnerability exists in mall version 1.0.3 and earlier versions, which stems from allowing the use of default encryption keys...
CVE-2024-8089
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack...
CVE-2024-8086
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument useremail leads to sql injection. The attack can be...
SourceCodester E-Commerce System SQL注入漏洞
SourceCodester E-Commerce System is an e-commerce system from SourceCodester Inc. SourceCodester E-Commerce System version 1.0 suffers from a SQL injection vulnerability in the useremail parameter of /ecommerce/admin/login.php of the component Admin Login page...
Verydows 跨站请求伪造漏洞
Verydows is a lightweight open source e-commerce management system developed using the PHP language. Verytops Verydows suffers from a security vulnerability that stems from the presence of a cross-site request forgery CSRF vulnerability, which allows an attacker to execute arbitrary code via a...
The vulnerability in the /ecommerce/admin/settings/setDiscount.php script of the SourceCodester E-Commerce System allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability in the ecommerce/admin/settings/setDiscount.php file of the SourceCodester E-Commerce System is related to the lack of protection for SQL query structures. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...
PT-2023-17073 · Sourcecodester · Sourcecodester E-Commerce System
Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical issue affects some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the USERID...
CVE-2023-1507
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY...
CVE-2023-1504
A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND SELECT 6077 FROM SELECTSLEEP5dltn AND 'PhRa'='PhRa leads to sql...