129 matches found
EUVD-2026-30264
Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001...
PT-2026-40900
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...
CVE-2025-6577
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001...
CVE-2022-27357
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customerregister.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27346
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27436
A cross-site scripting XSS vulnerability in /public/admin/index.php?adduser at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field...
CVE-2025-13793
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
EUVD-2025-199937
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793
The CVE concerns winston-dsouza Ecommerce-Website (up to build 87734c043269baac0b4cfe9664784462138b1b2e) with a weakness in the /includes/header_menu.php component, specifically in the GET Parameter Handler. Manipulating the argument Error can trigger cross-site scripting. The issue is exploitabl...
Ecommerce-Website 代码注入漏洞
Ecommerce-Website is a full-fledged e-commerce website by Winston Dsouza Individual Developer with an admin panel built using PHP and MySql. A code injection vulnerability exists in Ecommerce-Website, which stems from the incorrect operation of the parameter Error in the file...
CVE-2024-44652
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail, username, userfirstname, userlastname, and useraddress parameters in userregister.php...
CVE-2024-44651
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recoveremail parameter in userpasswordrecover.php...
CVE-2024-44653
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...
CVE-2024-44652
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail, username, userfirstname, userlastname, and useraddress parameters in userregister.php...
CVE-2024-44651
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recoveremail parameter in userpasswordrecover.php...
CVE-2024-44651
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recoveremail parameter in userpasswordrecover.php...
CVE-2024-44652
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail, username, userfirstname, userlastname, and useraddress parameters in userregister.php...