3947 matches found
CVE-2021-40956
CVE-2021-40956 affects LaikeTui v3.5.0, with SQL injection via the menu management function in the background that can expose sensitive data. This corresponds to multiple sources confirming SQL injection in LaikeTui v3.5.0. No explicit exploitation details or patched version are provided in the c...
Malicious Package
Overview @xunlie/vue-context-menu is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
LaikeTui SQL Injection Vulnerability
LaikeTui (Laike e-commerce) is a small, stable open-source mall system for individual developers. A security vulnerability exists in LaikeTui v3.5.0. Attackers can exploit this vulnerability with an SQL injection attack through the menu management function in the back end, in order to obtain sensitive...
Malicious code in @tinkoff-react-bui/context-menu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f239b4e149956ae7fcbe368e6040942fc96e8fd6a13a332a4c1e64cffb9747d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-32335
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/managemenu.php?id=...
CVE-2022-32330
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=deletemenu...
CVE-2022-32336
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/viewmenu.php?id=...
WooCommerce Menu Cart < 2.12.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. When there is no shop active yet: https://example.com/wp-admin/index.php?a"alert/XSS/...
WooCommerce Menu Cart < 2.12.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. PoC: When there is no shop active yet: https://example.com/wp-admin/index.php?a"...
Fast Food Ordering System SQL Injection Vulnerability
Fast Food Ordering System is a fast food ordering system by individual developer Carlo Montero. Version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/menus/managemenu.php?id=. The page lacks validation of external input used in SQL statements, which...
Fast Food Ordering System SQL Injection Vulnerability
Fast Food Ordering System is a fast food ordering system by individual developer Carlo Montero. Version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/menus/viewmenu.php?id=. The page's lack of validation of external input used in SQL statements can be...
Fast Food Ordering System SQL Injection Vulnerability
Fast Food Ordering System is a fast food ordering system by individual developer Carlo Montero. Version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/classes/Master.php?f=deletemenu. The page lacks validation of external input used in SQL statements, which...
Food-order-and-table-reservation-system SQL Injection Vulnerability
Food-order-and-table-reservation-system enables users to order food online and reserve a table for dine-in if there is no delivery option. Food-order-and-table-reservation-system version 1.0 is vulnerable to SQL injection that originates in the categorywise-menu.php page wher...
WordPress WooCommerce Menu Cart plugin <= 2.11.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress WooCommerce Menu Cart plugin versions <= 2.11.0. Solution: Update the WordPress WooCommerce Menu Cart plugin to the latest available version (at least 2.12.0)...
WordPress WP Menu Cart plugin <= 2.11.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress WP Menu Cart plugin versions <= 2.11.0. Solution: Update the WordPress WP Menu Cart plugin to the latest available version (at least 2.12.0)...
CVE-2022-28478
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input, allowing attackers with admin privileges to delete arbitrary files on the remote system...