
21 matches found

RedhatCVE
added 2025/11/10 8:07 p.m. · 3 views

CVE-2025-12919

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 · AI score 4.4 · EPSS 0.00052
Exploits: 1 · References: 1

Github Security Blog
added 2025/11/09 9:30 p.m. · 2 views

EverShop is vulnerable to Unauthorized Order Information Access (IDOR)

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 · AI score 4.5 · EPSS 0.00052
Exploits: 1 · References: 7 · Affected Software: 1

NVD
added 2025/11/09 8:15 p.m. · 1 view

CVE-2025-12919

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 · EPSS 0.00052
Exploits: 1 · References: 5

OSV
added 2025/11/09 8:15 p.m. · 1 view

CVE-2025-12919

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 · AI score 6.4
Exploits: 0 · References: 5

Vulnrichment
added 2025/11/09 8:02 p.m. · 2 views

CVE-2025-12919 EverShop Order Order.resolvers.js resource injection

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 · AI score 6 · EPSS 0.00052
Exploits: 1 · References: 5

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-9941

Malicious code in bioql PyPI...

CVSS 3.1 · AI score 4.1 · EPSS 0.00041
Exploits: 1 · References: 5

RedhatCVE
added 2025/05/23 8:01 a.m. · 5 views

CVE-2024-6830

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument orderid leads to sql injection. It is possible to launch t...

CVSS 7.5 · AI score 7.4 · EPSS 0.0016
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/09 2:40 a.m. · 9 views

CVE-2025-3329

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack...

CVSS 3.1 · AI score 6.9 · EPSS 0.00041
Exploits: 1 · References: 1

OSV
added 2025/04/07 1:15 a.m. · 0 views

CVE-2025-3329

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack...

CVSS 2.3 · AI score 4.3
Exploits: 0 · References: 4

Cvelist
added 2025/04/07 1:00 a.m. · 8 views

CVE-2025-3329 Consumer Comanda Mobile Restaurant Order cleartext transmission

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack...

CVSS 3.1 · EPSS 0.00041
Exploits: 1 · References: 4

Vulnrichment
added 2025/04/07 1:00 a.m. · 12 views

CVE-2025-3329 Consumer Comanda Mobile Restaurant Order cleartext transmission

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack...

CVSS 3.1 · AI score 6.6 · EPSS 0.00041
Exploits: 1 · References: 4

CVE
added 2025/04/07 1:00 a.m. · 48 views

CVE-2025-3329

CVE-2025-3329 affects Consumer Comanda Mobile (versions 14.9.3.2 through 15.0.0.8) in the Restaurant Order Handler component. The issue is the manipulation of the Login/Password argument, which results in sensitive information being transmitted in clear text. Exploitation requires proximity (loca...

CVSS 3.1 · AI score 6.6 · EPSS 0.00041
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/04/07 12:00 a.m. · 1 view

PT-2025-15129 · Unknown · Consumer Comanda Mobile

Name of the Vulnerable Software and Affected Versions: Consumer Comanda Mobile versions 14.9.3.2 through 15.0.0.8 Description: A problematic issue has been found in Consumer Comanda Mobile, affecting an unknown part of the Restaurant Order Handler component. The manipulation of the Login/Password...

CVSS 3.1 · AI score 3.5 · EPSS 0.00041
Exploits: 1 · References: 7

OSV
added 2024/07/17 4:15 p.m. · 1 view

CVE-2024-6830

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument orderid leads to sql injection. It is possible to launch t...

CVSS 7.5 · AI score 5.6 · EPSS 0.0016
Exploits: 1 · References: 4

NVD
added 2024/07/17 4:15 p.m. · 16 views

CVE-2024-6830

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument orderid leads to sql injection. It is possible to launch t...

CVSS 7.5 · EPSS 0.0016
Exploits: 1 · References: 4

Cvelist
added 2024/07/17 4:00 p.m. · 15 views

CVE-2024-6830 SourceCodester Simple Inventory Management System Order action.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument orderid leads to sql injection. It is possible to launch t...

CVSS 6.5 · EPSS 0.0016
Exploits: 1 · References: 4

CVE
added 2024/07/17 4:00 p.m. · 42 views

CVE-2024-6830

CVE-2024-6830 affects SourceCodester Simple Inventory Management System 1.0, specifically the Order Handler’s file action.php. The vulnerability arises from an unauthenticated manipulation of the order_id argument, leading to SQL injection. It is described as exploitable remotely, with public dis...

CVSS 7.5 · AI score 7 · EPSS 0.0016
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/07/28 6:15 a.m. · 1 view

CVE-2023-3988

A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 3

Prion
added 2023/07/28 6:15 a.m. · 11 views

Sql injection

A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely...

CVSS 6.5 · AI score 9.7 · EPSS 0.00067
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/07/28 6:00 a.m. · 11 views

CVE-2023-3988 Cafe Billing System Order index.php sql injection

A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely...

CVSS 6.5 · AI score 10 · EPSS 0.00067
Exploits: 1 · References: 3