CVE-2018-25341

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

CVE-2025-14650

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-14650

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-14650

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-14650 itsourcecode Online Cake Ordering System product.php sql injection

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-12920

FoxCMS up to 1.2.16 contains a cross-site scripting vulnerability in the add/edit path (app/admin/controller/Product.php, Title parameter). The issue can be triggered remotely and an exploit has been published; vendor did not respond. Affected versions should be updated to mitigate; as a workarou...

CVE-2025-12920 qianfox FoxCMS Product.php edit cross site scripting

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

EUVD-2025-32869

A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

EUVD-2020-26494

Malware in sbrugna...

EUVD-2021-24041

Malware in sbrugna...

EUVD-2009-1814

Malware in sbrugna...

EUVD-2018-6855

Malware in sbrugna...

code-projects Simple Food Ordering System 安全漏洞

Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /product.php. An attacker can exploit thi...

EUVD-2021-30060

Malicious code in bioql PyPI...

EUVD-2025-16852

Malicious code in bioql PyPI...

EUVD-2024-53698

Malicious code in bioql PyPI...

EUVD-2025-26274

Malicious code in bioql PyPI...

CVE-2025-51969

A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the productid GET parameter, which is not properly validated before being included in a SQL statement...

CVE-2025-9692

A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used...