Lucene search
K

104 matches found

EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39948

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
CVE
CVE
added 2026/02/22 1:34 p.m.14 views

CVE-2019-25440

CVE-2019-25440 — WebIncorp ERP suffers an unauthenticated SQL injection via the prod_id parameter in product_detail.php, enabling attackers to manipulate queries and potentially extract sensitive data. The vulnerability is triggered by GET requests with malicious prod_id values. Public references...

8.8CVSS5.9AI score0.00232EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/14 8:51 p.m.7 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS6.8AI score0.00275EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/06 4:45 p.m.8 views

CVE-2025-14091

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...

7.5CVSS7.1AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 4:15 p.m.8 views

CVE-2025-14091

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...

7.5CVSS0.00264EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 4:2 p.m.5 views

EUVD-2025-201422

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...

7.5CVSS6.6AI score0.00264EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/05 4:2 p.m.5 views

CVE-2025-14091 TrippWasTaken PHP-Guitar-Shop Product Details product.php sql injection

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...

7.5CVSS6.8AI score0.00264EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 4:2 p.m.19 views

CVE-2025-14091 TrippWasTaken PHP-Guitar-Shop Product Details product.php sql injection

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...

7.5CVSS0.00264EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 4:2 p.m.12 views

CVE-2025-14091

The CVE-2025-14091 entry concerns TrippWasTaken PHP-Guitar-Shop, specifically the Product Details Page component. The issue is a SQL injection caused by manipulation of the ID argument in /product.php, exploitable remotely and with the exploit publicly available. Affected versions are those prior...

7.5CVSS7.3AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49255

Name of the Vulnerable Software and Affected Versions TrippWasTaken PHP-Guitar-Shop versions prior to 6ce0868889617c1975982aae6df8e49555d0d555 Description A weakness exists in TrippWasTaken PHP-Guitar-Shop. The issue is related to SQL injection within the Product Details Page component,...

7.5CVSS7.4AI score0.00264EPSS
Exploits0References9
OSV
OSV
added 2025/12/04 9:16 p.m.4 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/04 8:45 p.m.3 views

EUVD-2025-201276

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS6.3AI score0.00275EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/04 8:45 p.m.9 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS6.4AI score0.00275EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/04 8:45 p.m.21 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS0.00275EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/12/04 8:45 p.m.5 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/12/04 8:45 p.m.16 views

CVE-2025-66573

Solstice Pod API exposure: Versions 5.5 and 6.2 include an unauthenticated /api/config endpoint that can disclose sensitive live-session data (session key, server version, product details, display name) to any user. This information exposure is documented across multiple sources (NVD/Red Hat/CVE ...

7.5CVSS6.4AI score0.00275EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.8 views

PT-2025-49141

Name of the Vulnerable Software and Affected Versions Solstice Pod API versions 5.5 through 6.2 Description The Solstice Pod API has an unauthenticated API endpoint. Specifically, the /api/config endpoint allows unauthorized access to sensitive information without requiring authentication. This...

6.9CVSS6.7AI score0.00275EPSS
Exploits1References7
CNVD
CNVD
added 2025/11/20 12:0 a.m.2 views

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...

6.5CVSS8.3AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/18 12:11 a.m.4 views

CVE-2024-44664

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php...

6.5CVSS8AI score0.00215EPSS
Exploits1References1
OSV
OSV
added 2025/11/17 8:15 p.m.5 views

CVE-2024-44664

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php...

6.5CVSS5.8AI score0.00215EPSS
Exploits1References2
Rows per page
Query Builder