45 matches found
EUVD-2025-25713
Malicious code in bioql PyPI...
EUVD-2025-4263
Malicious code in bioql PyPI...
EUVD-2024-47767
Malicious code in bioql PyPI...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
PT-2025-34685 · Sparkshop · Sparkshop
Name of the Vulnerable Software and Affected Versions: sparkshop version 1.1.7 Description: An insecure permissions issue exists in sparkshop version 1.1.7, potentially allowing a remote attacker to execute arbitrary code through the Common.php component. Recommendations: At the moment, there is ...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
SparkShop 安全漏洞
SparkShop is a mall system in China SparkShop open source. A security vulnerability exists in SparkShop version 1.1.7, which stems from improperly set permissions on the Common.php component and could lead to arbitrary code execution...
CVE-2025-50722
CVE-2025-50722 affects SparkShop v1.1.7. The vulnerability arises from insecure permissions on the Common.php component, enabling a remote attacker to execute arbitrary code. The CVSSv3.1 base score is 9.8 (CRITICAL) with network access, no authentication, and no user interaction required; impact...
CVE-2024-6730
A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely...
CVE-2024-40425
File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
CVE-2024-57685 affects sparkshop v1.1.7 and earlier. The issue allows remote code execution via a crafted phar file. According to the linked data, the flaw has CVSS 3.1 base score 5.3 (NETWORK, LOW attack complexity, NONE privileges, NONE user interaction, I-LA, S-U). No explicit remediation or p...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...