31 matches found
CVE-2026-14639 CodeAstro Ecommerce Website my_account.php sql injection
A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-14639
CVE-2026-14639 affects CodeAstro Ecommerce Website 1.0. The vulnerability is an SQL injection in the code path handling the URL /ecommerce-website-php/customer/my_account.php?edit_account, caused by unsafely manipulated parameter c_name. This allows potentially remote attacker access with low pri...
CVE-2023-4536
The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE...
EUVD-2018-18943
Malware in sbrugna...
EUVD-2025-25380
Malicious code in bioql PyPI...
EUVD-2022-24420
Malicious code in bioql PyPI...
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...
CVE-2018-7202
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page...
CampCodes Online Shopping Portal 注入漏洞
CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...
Code injection
The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE...
CVE-2023-4536 My Account Page Editor < 1.3.2 - Subscriber+ Arbitrary File Upload
The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE...
CVE-2023-4536
CVE-2023-4536 concerns the WordPress plugin My Account Page Editor (pre-1.3.2). The issue is a missing validation of the uploaded profile picture, enabling any authenticated user (e.g., a subscriber) to upload arbitrary files to the server, which can lead to remote code execution (RCE). The root ...
PT-2024-13240 · WordPress · My Account Page Editor
Name of the Vulnerable Software and Affected Versions: My Account Page Editor WordPress plugin versions prior to 1.3.2 Description: The issue allows any authenticated users to upload arbitrary files to the server, leading to remote code execution RCE. This is due to the lack of validation for the...
CVE-2023-36158
Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...
CVE-2023-36158
Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...
CVE-2023-36158
Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...
Cross site scripting
Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...
Toll Tax Management System Cross-Site Scripting Vulnerability
Toll Tax Management System is a toll tax management system developed by Carlo Montero, an individual developer. A security vulnerability exists in Toll Tax Management System version 1.0, which can be exploited to run arbitrary code via the First Name and Last Name fields on the My Account page...
PT-2023-25457 · Unknown · Sourcecodester Toll Tax Management System
Name of the Vulnerable Software and Affected Versions: sourcecodester Toll Tax Management System version 1.0 Description: The issue allows remote attackers to run arbitrary code via the First Name and Last Name fields on the "My Account" page. This is a Cross Site Scripting XSS issue, which means...
CVE-2023-36158
Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...