56 matches found
CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
Inventory Management System editPayment.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of the orderId parameter in the file /phpaction/editPayment.php. No details of the vulnerability are available at this time...
CVE-2023-32065
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...
SourceCodester Client Database Management System 注入漏洞
SourceCodester Client Database Management System is SourceCodester open source a client database management system . SourceCodester Client Database Management System version 1.0 has an injection vulnerability, the vulnerability stems from the operation of the parameter orderid in the file...
CVE-2025-46192
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userpaymentupdate.php via the orderid POST parameter...
SourceCodester Client Database Management System 安全漏洞
SourceCodester Client Database Management System is a SourceCodester open source client database management system. A security vulnerability exists in SourceCodester Client Database Management System version 1.0, which originates from SQL injection due to incorrect operation of the parameter...
WordPress plugin PDF Invoices and Packing Slips For WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL server set up a personal blog site. WordPress plugin is an application plug-in. WordPress plugin PDF Invoices and...
PT-2024-18294 · WordPress · Woocommerce Pdf Invoices & Packing Slips
Name of the Vulnerable Software and Affected Versions: PDF Invoices and Packing Slips For WooCommerce plugin for WordPress versions up to, and including, 1.3.7 Description: The issue allows authenticated attackers with subscriber-level access and above to inject a PHP Object via deserialization o...
CVE-2024-25223
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...
Billing System Project SQL注入漏洞
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...
Billing System Project SQL注入漏洞
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in printOrder.php against an externally entered SQL statement. An attacker cou...
CVE-2022-25228
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via...
CVE-2022-0643
The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
WordPress plugin Bank Mellat 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Bank Mellat plugin 1.3.7 and earlier versions have a cross-site scripting vulnerability that stems from a failure to clean a...
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
CVE-2018-19340
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...