Lucene search
K

56 matches found

Cvelist
Cvelist
added 2025/08/09 2:2 p.m.10 views

CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...

6.9CVSS0.0053EPSS
Exploits1References5
CNVD
CNVD
added 2025/06/30 12:0 a.m.2 views

Inventory Management System editPayment.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of the orderId parameter in the file /phpaction/editPayment.php. No details of the vulnerability are available at this time...

9.8CVSS7.9AI score0.00428EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:35 a.m.4 views

CVE-2023-32065

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...

5.8CVSS6.6AI score0.00491EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

SourceCodester Client Database Management System 注入漏洞

SourceCodester Client Database Management System is SourceCodester open source a client database management system . SourceCodester Client Database Management System version 1.0 has an injection vulnerability, the vulnerability stems from the operation of the parameter orderid in the file...

9.8CVSS7.8AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2025/05/09 5:15 p.m.4 views

CVE-2025-46192

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userpaymentupdate.php via the orderid POST parameter...

9.8CVSS6AI score0.00352EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.5 views

SourceCodester Client Database Management System 安全漏洞

SourceCodester Client Database Management System is a SourceCodester open source client database management system. A security vulnerability exists in SourceCodester Client Database Management System version 1.0, which originates from SQL injection due to incorrect operation of the parameter...

9.8CVSS7.8AI score0.00352EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/07 12:0 a.m.6 views

WordPress plugin PDF Invoices and Packing Slips For WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL server set up a personal blog site. WordPress plugin is an application plug-in. WordPress plugin PDF Invoices and...

8.8CVSS7.2AI score0.00967EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.8 views

PT-2024-18294 · WordPress · Woocommerce Pdf Invoices & Packing Slips

Name of the Vulnerable Software and Affected Versions: PDF Invoices and Packing Slips For WooCommerce plugin for WordPress versions up to, and including, 1.3.7 Description: The issue allows authenticated attackers with subscriber-level access and above to inject a PHP Object via deserialization o...

8.8CVSS7.9AI score0.00967EPSS
Exploits0References8
OSV
OSV
added 2024/02/14 3:15 p.m.3 views

CVE-2024-25223

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...

9.8CVSS5.8AI score0.00628EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.4 views

Billing System Project SQL注入漏洞

Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...

9.8CVSS7.8AI score0.00871EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.6 views

Billing System Project SQL注入漏洞

Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in printOrder.php against an externally entered SQL statement. An attacker cou...

9.8CVSS7.7AI score0.0089EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/18 8:15 p.m.4 views

CVE-2022-25228

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via...

6.5CVSS6.7AI score0.00844EPSS
Exploits1References3
OSV
OSV
added 2022/03/28 6:15 p.m.2 views

CVE-2022-0643

The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00788EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/03/28 12:0 a.m.4 views

WordPress plugin Bank Mellat 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Bank Mellat plugin 1.3.7 and earlier versions have a cross-site scripting vulnerability that stems from a failure to clean a...

6.1CVSS4.9AI score0.00788EPSS
Exploits2References2
OSV
OSV
added 2021/09/20 10:15 a.m.4 views

CVE-2021-24402

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

7.2CVSS7.1AI score0.04501EPSS
Exploits2References2
OSV
OSV
added 2018/11/17 5:29 p.m.3 views

CVE-2018-19340

Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1
Rows per page
Query Builder