CVE-2018-25340

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

CVE-2018-25343 Smartshop 1 Cross-Site Request Forgery via editprofile.php

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...

EUVD-2018-21863

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...

CVE-2018-25342 Smartshop 1 SQL Injection via search.php

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

CVE-2018-25343

Technical details for CVE-2018-25343 are not publicly available in the provided documents. Monitor for updates.

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

CVE-2018-25343

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...

CVE-2018-25342 Smartshop 1 SQL Injection via search.php

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

EUVD-2018-21864

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

CVE-2018-25343 Smartshop 1 Cross-Site Request Forgery via editprofile.php

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...

CVE-2018-25341

CVE-2018-25341 concerns Smartshop 1 with a SQL injection vulnerability in product.php id parameter. The issue allows unauthenticated attackers to perform union-based SQL injection to extract database information, including usernames and database names. Connected sources confirm the vulnerability ...

CVE-2018-25341

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

CVE-2018-25340

The CVE-2018-25340 entry affects Smartshop 1, with a SQL injection in category.php through the id parameter that allows unauthenticated attackers to send GET requests using UNION-based payloads to extract database data (e.g., usernames). The vulnerability is triggered via the id parameter and can...

CVE-2018-25340

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

CVE-2018-25340 Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

Smartshop 跨站请求伪造漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to manipulate user profiles by tricking authenticated users into...

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the searched parameter in the search.php file. It may allow unauthenticated attackers to manipulat...

Smartshop 1 - Cross-Site Request Forgery

Smartshop 1 - Cross-Site Request Forgery Exploit Title: Smartshop 1 - Cross site request forgery Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage:...