Lucene search
K

31 matches found

CVE
CVE
added 2026/07/04 6:0 p.m.16 views

CVE-2026-14639

CVE-2026-14639 affects CodeAstro Ecommerce Website 1.0. The vulnerability is an SQL injection in the code path handling the URL /ecommerce-website-php/customer/my_account.php?edit_account, caused by unsafely manipulated parameter c_name. This allows potentially remote attacker access with low pri...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 6:0 p.m.31 views

CVE-2026-14639 CodeAstro Ecommerce Website my_account.php sql injection

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.9 views

CVE-2023-4536

The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE...

8.8CVSS6.8AI score0.00816EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-18943

Malware in sbrugna...

6.1CVSS6.3AI score0.00802EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25380

Malicious code in bioql PyPI...

5.4CVSS4.8AI score0.00264EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24420

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.0054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.9 views

CVE-2019-1010008

OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...

5.4CVSS6.2AI score0.00897EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:3 a.m.6 views

CVE-2018-7202

An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page...

6.1CVSS6AI score0.00802EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

CampCodes Online Shopping Portal 注入漏洞

CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...

9.8CVSS8.1AI score0.00415EPSS
Exploits1References5
Prion
Prion
added 2024/01/16 4:15 p.m.18 views

Code injection

The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE...

6.5CVSS7AI score0.00816EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 3:56 p.m.3 views

CVE-2023-4536 My Account Page Editor < 1.3.2 - Subscriber+ Arbitrary File Upload

The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE...

8.7AI score0.00816EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:56 p.m.58 views

CVE-2023-4536

CVE-2023-4536 concerns the WordPress plugin My Account Page Editor (pre-1.3.2). The issue is a missing validation of the uploaded profile picture, enabling any authenticated user (e.g., a subscriber) to upload arbitrary files to the server, which can lead to remote code execution (RCE). The root ...

8.8CVSS8.6AI score0.00816EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.4 views

PT-2024-13240 · WordPress · My Account Page Editor

Name of the Vulnerable Software and Affected Versions: My Account Page Editor WordPress plugin versions prior to 1.3.2 Description: The issue allows any authenticated users to upload arbitrary files to the server, leading to remote code execution RCE. This is due to the lack of validation for the...

8.8CVSS9.3AI score0.00816EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2023/08/04 12:15 a.m.6 views

CVE-2023-36158

Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...

6.1CVSS6.1AI score0.0062EPSS
Exploits1References5
OSV
OSV
added 2023/08/04 12:15 a.m.6 views

CVE-2023-36158

Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...

6.1CVSS6.1AI score0.0062EPSS
Exploits1References4
NVD
NVD
added 2023/08/04 12:15 a.m.11 views

CVE-2023-36158

Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...

6.1CVSS6.1AI score0.0062EPSS
Exploits1References3
Prion
Prion
added 2023/08/04 12:15 a.m.20 views

Cross site scripting

Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...

5.8CVSS6.1AI score0.0062EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Toll Tax Management System Cross-Site Scripting Vulnerability

Toll Tax Management System is a toll tax management system developed by Carlo Montero, an individual developer. A security vulnerability exists in Toll Tax Management System version 1.0, which can be exploited to run arbitrary code via the First Name and Last Name fields on the My Account page...

6.1CVSS7.2AI score0.0062EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.6 views

PT-2023-25457 · Unknown · Sourcecodester Toll Tax Management System

Name of the Vulnerable Software and Affected Versions: sourcecodester Toll Tax Management System version 1.0 Description: The issue allows remote attackers to run arbitrary code via the First Name and Last Name fields on the "My Account" page. This is a Cross Site Scripting XSS issue, which means...

6.1CVSS7.2AI score0.0062EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.15 views

CVE-2023-36158

Cross Site Scripting XSS vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page...

6.3AI score0.0062EPSS
Exploits1References3
Rows per page
Query Builder