
16 matches found

Veracode
added 2026/06/16 4:2 p.m., 8 views

SQL Injection

org.linlinjava, litemall-wx-api is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the list function of WxGoodsController within the Front-end WeChat API, which allows a remote attacker to perform SQL injection attacks by manipulating craft...

CVSS 7.5, AI score 7.6, EPSS 0.00259
Exploits: 0, References: 1, Affected Software: 1

Snyk
added 2026/05/18 12:31 a.m., 5 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation: There is no fixed version for...

CVSS 7.5, AI score 7.6, EPSS 0.00259
Exploits: 0, References: 2

Snyk
added 2026/05/18 12:31 a.m., 5 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation: There is no fixed version for...

CVSS 7.5, AI score 7.6, EPSS 0.00259
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-13460

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01133
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-32190

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00459
Exploits: 1, References: 3

OSV
added 2025/10/02 4:15 p.m., 3 views

CVE-2025-56162

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw'fieldgoodsid, ...', allowing attackers to: a enumerate or modify database data, including dumping admin password...

CVSS 6.5, AI score 6.5, EPSS 0.00459
Exploits: 1, References: 2

Positive Technologies
added 2025/10/02 12:0 a.m., 6 views

PT-2025-40400

Name of the Vulnerable Software and Affected Versions: YOSHOP version 2.0. Description: The software is susceptible to an unauthenticated SQL injection through the goodsIds parameter of the /api/goods/listByIds API endpoint. The getListByIds function improperly concatenates user-supplied input into ...

CVSS 6.5, AI score 8.9, EPSS 0.00459
Exploits: 1, References: 6

Cvelist
added 2025/10/02 12:0 a.m., 9 views

CVE-2025-56162

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw'fieldgoodsid, ...', allowing attackers to: a enumerate or modify database data, including dumping admin password...

EPSS 0.00459
Exploits: 1, References: 2

OSV
added 2025/06/04 6:15 a.m., 10 views

CVE-2025-5569

A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is...

CVSS 8.8, AI score 5.6, EPSS 0.01269
Exploits: 1, References: 7

OSV
added 2021/08/26 10:15 p.m., 3 views

CVE-2020-20675

Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/...

CVSS 9.8, AI score 5.8, EPSS 0.01133
Exploits: 1, References: 1

NVD
added 2021/08/26 10:15 p.m., 9 views

CVE-2020-20675

Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/...

CVSS 9.8, EPSS 0.01133
Exploits: 1, References: 1

Cvelist
added 2021/08/26 9:11 p.m., 19 views

CVE-2020-20675

Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/...

AI score 9.8, EPSS 0.01133
Exploits: 1, References: 1

CNNVD
added 2021/08/26 12:0 a.m., 3 views

Nuishop SQL Injection Vulnerability

Nuishop is an application software, a shopping center system. Nuishop version 2.3 suffers from a SQL injection vulnerability that can be exploited by an attacker who can include "/goods/getGoodsListByConditions/" in...

CVSS 9.8, AI score 8.6, EPSS 0.01133
Exploits: 1, References: 1

Openbugbounty
added 2017/12/28 3:33 a.m., 10 views

pjtian.com XSS vulnerability

Open Bug Bounty ID: OBB-462242

Description | Value
---|---
Affected Website: | pjtian.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

AI score 6.4
Exploits: 0

Openbugbounty
added 2017/12/28 1:16 a.m., 13 views

tradeease.net XSS vulnerability

Open Bug Bounty ID: OBB-462077

Description | Value
---|---
Affected Website: | tradeease.net
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat She...

AI score 6.4
Exploits: 0

CNVD
added 2017/12/03 12:0 a.m., 2 views

SQL Injection Vulnerability in DuoDuo Rebate System V8.3_UTF8 official version admin\mod\goods\list.act.php

DuoDuo rebate system is an open source PHP rebate site system that provides solutions for e-commerce rebates and shopping guides. The DuoDuo rebate web system V8.3_UTF8 official version has a SQL injection vulnerability in admin\mod\goods\list.act.php. The vulnerability is due to the system failing to effectively...

AI score 7.6
Exploits: 0