36 matches found
CVE-2017-20282 Joomla! Component jCart for OpenCart 2.0 SQL Injection
Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...
CVE-2017-20282
Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...
CVE-2017-20261 Joomla! Component Bargain Product VM3 1.0 SQL Injection
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...
CVE-2017-20260
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...
PT-2026-50937
Name of the Vulnerable Software and Affected Versions: Joomla! Component Price Alert version 3.0.2. Description: An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product_id parameter,...
CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...
CVE-2018-25341
CVE-2018-25341 concerns Smartshop 1 with a SQL injection vulnerability in product.php id parameter. The issue allows unauthenticated attackers to perform union-based SQL injection to extract database information, including usernames and database names. Connected sources confirm the vulnerability ...
CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...
CVE-2026-31895 WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.6 contained an SQL injection vulnerability. This vulnerability stemmed from the id Produto parameter in the html/matPat/restaurarProduto.php file being directly concatenated into the SQ...
PT-2026-22364
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products id parameter. Attackers can modify the products id value in product info.php requests and append boolean-based SQL injection...
CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to product_detail.php with malicious prodid values to extract sensitive database informatio...
PT-2026-21441
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod id parameter. Attackers can send GET requests to product_detail.php with malicious prod id values to extract sensitive database...
Code-Projects Online Product Reservation System SQL Injection Vulnerability
Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. Code-Projects Online Product Reservation System version 1.0 has a SQL injection vulnerability, which originates from a misuse of the parameter prodid/name/price/model/ in the file...
CVE-2025-14249
A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /userschool.php. The manipulation of the argument productid results in sql injection. The attack may be performed from remote. The exploit has been released to...
PHP-Guitar-Shop SQL Injection Vulnerability
PHP-Guitar-Shop is a guitar store website by the individual developer Konrad. PHP-Guitar-Shop suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter ID in the file /product.php, which could lead to a SQL injection attack...
CVE-2025-12339 Campcodes Retro Basketball Shoes Online Store admin_football.php sql injection
A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit...
CVE-2025-52021
A SQL Injection vulnerability exists in the editproduct.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The productid GET parameter is unsafely passed to a SQL query without proper validation or parameterization...
Exploit for CVE-2025-52021
CVE-2025-52021 — Time-Based Blind SQL Injection in PuneethRedd...
Code-Projects E-Commerce Website SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the pages/adminproductdetails.php file that does not perform security filtering on the prodid parameter. An attacker can exploit this vulnerability by manipulating the...