17 matches found

Cvelist
added 2026/05/19 9:39 p.m. · 25 views

CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

CVSS 8.1 · EPSS 0.00032
Exploits: 0 · References: 2

RedhatCVE
added 2026/02/22 1:25 p.m. · 2 views

CVE-2026-2865

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be...

CVSS 9.8 · AI score 7.2 · EPSS 0.00045
Exploits: 1 · References: 1

Vulnrichment
added 2026/02/21 7:32 a.m. · 3 views

CVE-2026-2865 itsourcecode Agri-Trading Online Shopping System HTTP POST Request productcontroller.php sql injection

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be...

CVSS 7.5 · AI score 7.3 · EPSS 0.00045
Exploits: 1 · References: 5

RedhatCVE
added 2025/12/29 9:3 p.m. · 3 views

CVE-2025-15152

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...

CVSS 6.5 · AI score 6.2 · EPSS 0.0003
Exploits: 0 · References: 1

NVD
added 2025/12/28 8:15 p.m. · 3 views

CVE-2025-15152

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...

CVSS 6.5 · EPSS 0.0003
Exploits: 0 · References: 4

Vulnrichment
added 2025/12/28 8:2 p.m. · 1 views

CVE-2025-15152 h-moses moga-mall PmsProductController.java addProduct unrestricted upload

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...

CVSS 6.5 · AI score 6.2 · EPSS 0.0003
Exploits: 0 · References: 4

Positive Technologies
added 2025/12/28 12:0 a.m. · 1 views

PT-2025-53667

Name of the Vulnerable Software and Affected Versions h-moses moga-mall versions prior to 392d631a5ef15962a9bddeeb9f1269b9085473fa Description A vulnerability exists in h-moses moga-mall. The issue affects the addProduct function within the file...

CVSS 6.5 · AI score 6.5 · EPSS 0.0003
Exploits: 0 · References: 9

CNNVD
added 2025/12/28 12:0 a.m. · 0 views

moga-mall Code Issue Vulnerability

moga-mall is an e-commerce platform based on a microservices architecture, by individual developer h-moses. A code issue vulnerability exists in moga-mall 392d631a5ef15962a9bddeeb9f1269b9085473fa and earlier versions, which originates from the file...

CVSS 6.5 · AI score 6.5 · EPSS 0.0003
Exploits: 0 · References: 5

RedhatCVE
added 2025/11/10 11:15 p.m. · 8 views

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 4.8 · AI score 5.5 · EPSS 0.00043
Exploits: 1 · References: 1

OSV
added 2025/11/09 11:15 p.m. · 0 views

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 4.8 · AI score 4.2
Exploits: 0 · References: 7

RedhatCVE
added 2025/05/23 9:16 a.m. · 1 views

CVE-2024-36837

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file...

CVSS 7.5 · AI score 6 · EPSS 0.91665
Exploits: 2 · References: 1

CNNVD
added 2024/06/07 12:0 a.m. · 3 views

Bakery Online Ordering System Code Issue Vulnerability

Bakery Online Ordering System is a bakery online ordering system by individual developer janobe. A code issue vulnerability exists in Bakery Online Ordering System version 1.0, which stems from /admin/modules/product/controller.php containing an unknown function that causes unrestricted uploads v...

CVSS 9.8 · AI score 7.1 · EPSS 0.00141
Exploits: 1 · References: 5

OSV
added 2024/06/05 3:15 p.m. · 1 views

CVE-2024-36837

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file...

CVSS 7.5 · AI score 5.9 · EPSS 0.91665
Exploits: 2 · References: 1

Positive Technologies
added 2024/06/05 12:0 a.m. · 3 views

PT-2024-27174 · Crmeb · Crmeb

Name of the Vulnerable Software and Affected Versions: CRMEB version 5.2.2 Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the getProductList function in the ProductController.php file. Recommendations: For CRMEB version 5.2.2, consider...

CVSS 7.5 · AI score 7.1 · EPSS 0.91665
Exploits: 2 · References: 4

CNNVD
added 2021/10/06 12:0 a.m. · 1 views

MyuCms Code Issue Vulnerability

MyuCms is a content management system based on ThinkPHP developed specifically for enterprises. MyuCms has a cross-site request forgery vulnerability in v2.2.1, which stems from a sql method in the product controllerindex.php file that does not correctly determine that the request originates from...

CVSS 9.1 · AI score 8 · EPSS 0.00267
Exploits: 1 · References: 2

CNVD
added 2017/08/06 12:0 a.m. · 1 views

ShopsN v3.0 SQL Injection Vulnerability in Frontend ProductController.class.php File

ShopsN is a free, open-source e-commerce system. The ProductController.class.php file in ShopsN v3.0 beta3 contains a SQL injection vulnerability because the system fails to strictly filter the guess function. Remote attackers can exploit the vulnerability to obtain sensitive database...

AI score 8
Exploits: 0

seebug.org
added 2016/07/20 12:0 a.m. · 12 views

Bootcms V1.1.2 \application\classes\controller\product.php parameter id SQL injection

No description provided by source...

AI score 7.1
Exploits: 0