10 matches found
CVE-2021-47763 Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...
CVE-2026-21450
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue...
CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the add address step they can inject a value to run in admin view. The issue can lead to remote code execution. Version...
PT-2026-1125
Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source Laravel eCommerce platform, has an issue where API routes remain active even after the initial installation is complete. The API endpoints /install/api/ are directly accessib...
PT-2026-1130
Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source Laravel eCommerce platform, is susceptible to server-side template injection through the type parameter. This can potentially lead to remote code execution. Recommendations...
Cross-site Scripting (XSS)
Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header in the Admin Log Viewer. An attacker can execute arbitrary web scripts in an administrator's browser by injecting crafted input,...
AmazCart CMS 3.4 - Cross-Site-Scripting Vulnerability
Exploit Title: AmazCart CMS 3.4 - Cross-Site-Scripting XSS Exploit Author: Sajibe Kanti Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link: https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179 Version: 3.4 Tested on: Live Demo Demo Link :...
Cross-site Scripting (XSS)
Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the...
Cross-site Scripting (XSS)
Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS in Admin section. It have the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Details...
Laracom Cross-Site Scripting Vulnerability
laracom is a free Laravel e-commerce software. A cross-site scripting vulnerability exists in laracom version 1.4.11, which can be exploited by an attacker to execute client-side code...