74 matches found
MINI-Q4PF-XF3R-292W
Bulletin has no description...
CVE-2017-20260
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...
EUVD-2017-18988
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...
CVE-2017-20261
CVE-2017-20261 affects Joomla! Component Bargain Product VM3 1.0. It is an SQL injection vulnerability in the product_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by injecting code via GET requests to the brainy and alice views, enabling extraction of sensit...
MINI-M3CX-WRF5-3WPV
Bulletin has no description...
MINI-PM5C-2PM6-XPHG
Bulletin has no description...
MINI-7G99-2HVP-CM4R
Bulletin has no description...
MINI-34CH-GVRF-V4CM
Bulletin has no description...
MINI-QPX4-CXXR-JM56
Bulletin has no description...
MINI-GF98-8R69-8MRJ
Bulletin has no description...
MINI-24M7-784P-GRF6
Bulletin has no description...
PT-2026-44943
Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Sub-form Livewire components within the product editor—specifically those handling Edit, Inventory, Seo, Shipping, and Files—lack authorization on their store method. This allows any authenticated...
CVE-2026-42207
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...
MINI-VXH9-8X4P-75CH
Bulletin has no description...
MINI-H69R-HQ8H-GWJM
Bulletin has no description...
MINI-R947-F84J-H9RG
Bulletin has no description...
CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
PT-2026-39504
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
MINI-2C29-P3X6-CR88
Bulletin has no description...
CVE-2026-7269
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has...