15 matches found
CVE-2026-45054
CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...
CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing
CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...
code-projects Currency Exchange System SQL注入漏洞
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...
CVE-2022-40119
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/transactions.php...
PT-2023-22701 · Ebankit · Ebankit
Name of the Vulnerable Software and Affected Versions: ebankIT versions prior to 7 Description: An issue exists where Document Object Model based XSS is present within the "/Security/Transactions/Transactions.aspx" endpoint. Users can supply their own JavaScript within the...
ebankIT 6 Cross Site Scripting
CVE-2023-30454 Description An issue was discovered in ebankIT before version 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the...
CVE-2022-44820
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/managetransaction&id=...
PT-2022-27318 · Unknown · Automotive Shop Management System
Name of the Vulnerable Software and Affected Versions: Automotive Shop Management System version 1.0 Description: The issue concerns a SQL Injection vulnerability. It can be exploited via the "/asms/admin/?page=transactions/manage transaction&id=" endpoint, specifically through the id variable...
CVE-2022-40119
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/transactions.php...
Online Banking System SQL注入漏洞
Online Banking System is an online banking system developed using PHP and MySQL. v1.0 of Online Banking System contains a security vulnerability that originates in the searchterm parameter in the /net-banking/transactions.php location. injection issue in the searchterm parameter at...
CVE-2022-32000
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=servicetransactions/manageservicetransaction&id=...
Badminton Center Management System SQL注入漏洞
Badminton Center Management System is a badminton center management system from Carlo Montero's personal developer. It provides an online and automated platform for badminton centers to manage their daily transactions and records. version v1.0 of Badminton Center Management System is vulnerable t...
Badminton Center Management System SQL注入漏洞
Badminton Center Management System is a badminton center management system from Carlo Montero's personal developer. It provides an online and automated platform for badminton centers to manage their daily transactions and records.Badminton Center Management System version v1.0 is vulnerable to SQ...
CVE-2022-30374
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/managetransaction&id=...
Subrion CMS 跨站脚本漏洞
Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion CMS 4.2.1 and earlier versions. The vulnerability can be...