CVE-2019-25440

CVE-2019-25440 — WebIncorp ERP suffers an unauthenticated SQL injection via the prod_id parameter in product_detail.php, enabling attackers to manipulate queries and potentially extract sensitive data. The vulnerability is triggered by GET requests with malicious prod_id values. Public references...

Code-Projects E-Commerce Website SQL注入漏洞

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...

E-Commerce Website pages/admin_product_details.php file SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the pages/adminproductdetails.php file that does not perform security filtering on the prodid parameter. An attacker can exploit this vulnerability by manipulating the...

CVE-2025-51969

A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the productid GET parameter, which is not properly validated before being included in a SQL statement...

CVE-2017-10667

In index.php in Zen Cart 1.6.0, the productsid parameter can cause XSS...