45 matches found
EUVD-2025-4263
Malicious code in bioql PyPI...
EUVD-2024-47767
Malicious code in bioql PyPI...
EUVD-2025-25713
Malicious code in bioql PyPI...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
SparkShop 安全漏洞
SparkShop is a mall system in China SparkShop open source. A security vulnerability exists in SparkShop version 1.1.7, which stems from improperly set permissions on the Common.php component and could lead to arbitrary code execution...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
PT-2025-34685 · Sparkshop · Sparkshop
Name of the Vulnerable Software and Affected Versions: sparkshop version 1.1.7 Description: An insecure permissions issue exists in sparkshop version 1.1.7, potentially allowing a remote attacker to execute arbitrary code through the Common.php component. Recommendations: At the moment, there is ...
CVE-2025-50722
CVE-2025-50722 affects SparkShop v1.1.7. The vulnerability arises from insecure permissions on the Common.php component, enabling a remote attacker to execute arbitrary code. The CVSSv3.1 base score is 9.8 (CRITICAL) with network access, no authentication, and no user interaction required; impact...
CVE-2024-6730
A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely...
CVE-2024-40425
File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
Xingyuantu SparkShop 安全漏洞
Xingyuantu SparkShop is an open source shopping center from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop v1.1.7 and earlier versions, which can be exploited for remote code execution via a specially crafted phar file...