12 matches found
CVE-2026-24494
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...
CVE-2026-24494
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...
CVE-2026-24494 SQL injection vulnerability in Order Up Online Ordering System
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...
CVE-2026-24494
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...
CVE-2026-24494
CVE-2026-24494: A SQL injection vulnerability affects Order Up Online Ordering System 1.0 via the POST /api/integrations/getintegrations endpoint, exploitable by an unauthenticated attacker through a crafted store_id parameter to access sensitive backend data. The root cause is improper handling...
PT-2026-21487
Name of the Vulnerable Software and Affected Versions: Order Up Online Ordering System version 1.0. Description: A SQL Injection flaw exists in the /api/integrations/getintegrations API endpoint of Order Up Online Ordering System 1.0. An unauthenticated attacker can exploit this issue by sending a...
CVE-2025-15213
A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument storeid leads to improper authorization. The attack is possible to be...
CVE-2025-15213 code-projects Student File Management System File Download download.php improper authorization
A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument storeid leads to improper authorization. The attack is possible to be...
EUVD-2025-205679
A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument storeid leads to improper authorization. The attack is possible to be...
CVE-2025-15213 code-projects Student File Management System File Download download.php improper authorization
A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument storeid leads to improper authorization. The attack is possible to be...
PT-2025-53831
Name of the Vulnerable Software and Affected Versions: code-projects Student File Management System version 1.0. Description: An improper authorization issue exists in the File Download Handler component of code-projects Student File Management System version 1.0. The issue is due to the manipulatio...
Shopify: Open redirect allows changing iframe content in *.myshopify.com/admin/themes/<id>/editor
Hi, I managed to bypass the fix you deployed to the issue I reported in 159522. Apparently this is what the fix does: - Redirecting to https://checkout.shopify.com/ / only is allowed. - For example: victim.myshopify.com/account/logout?returnurl=https://checkout.shopify.com// will work - but...