Lucene search
K

360 matches found

Cvelist
Cvelist
added 2026/01/27 12:0 a.m.24 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

0.00442EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/27 12:0 a.m.6 views

EUVD-2025-206390

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

9.8CVSS5.9AI score0.00442EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/27 12:0 a.m.2 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

5.9AI score0.00442EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.7 views

PT-2026-4966

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

5.9AI score0.00442EPSS
Exploits1References3
CVE
CVE
added 2026/01/27 12:0 a.m.15 views

CVE-2025-69562

The CVE-2025-69562 entry describes a SQL Injection flaw in code-projects Mobile Shop Management System 1.0, exploitable via the userid parameter in /insertmessage.php. The vulnerability arises from improper handling of input in that endpoint, enabling an attacker to manipulate SQL queries. CVSS m...

9.8CVSS5.9AI score0.00442EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/01/12 8:15 p.m.5 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

8.2CVSS0.00206EPSS
Exploits1References1
CVE
CVE
added 2026/01/12 12:0 a.m.15 views

CVE-2023-36331

CVE-2023-36331 affects xmall v1.1. The /member/orderList API has improper access control that lets an attacker read other users’ order details by manipulating the userId query parameter. The CVSS 3.1 base score is 8.2 (NETWORK, LOW attack complexity, no privileges required, confidentiality impact...

8.2CVSS6.5AI score0.00206EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.11 views

xmall 安全漏洞

XMall is a distributed e-commerce shopping mall based on SOA architecture by the individual developer of Exrick. A security vulnerability exists in version 1.1 of xmall, which stems from improper access control of the /member/orderList API, and could lead to an attacker accessing other users' ord...

8.2CVSS6.6AI score0.00206EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/12 12:0 a.m.22 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

0.00206EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.7 views

CVE-2021-33223

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file...

8.8CVSS7.1AI score0.00804EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/29 6:30 p.m.4 views

EUVD-2025-205604

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS7.2AI score0.00393EPSS
Exploits1References6
OSV
OSV
added 2025/12/29 5:15 p.m.3 views

CVE-2025-15196

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

9.8CVSS5.8AI score0.00393EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.4 views

Code-Projects Assessment Management SQL注入漏洞

Code-Projects Assessment Management is a Code-Projects open source assessment management system. Code-Projects Assessment Management version 1.0 has a SQL injection vulnerability, the vulnerability stems from the wrong operation of the parameter userid in the file login.php, which may lead to SQL...

9.8CVSS7.8AI score0.00393EPSS
Exploits1References6
OSV
OSV
added 2025/12/09 5:15 p.m.5 views

CVE-2025-63742

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...

9.8CVSS5.9AI score0.00343EPSS
Exploits1References1
NVD
NVD
added 2025/12/09 5:15 p.m.5 views

CVE-2025-63742

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...

9.8CVSS0.00343EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/09 12:0 a.m.4 views

CVE-2025-63742

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...

7.8AI score0.00343EPSS
Exploits1References1
CVE
CVE
added 2025/12/09 12:0 a.m.16 views

CVE-2025-63742

Xinhu Rainrock RockOA 2.7.0 is identified as vulnerable to a SQL injection in function setwxqyAction of webmain/task/api/loginAction.php, exploitable via the shouji and userid parameters. The issue could reveal administrator accounts, password hashes, database structure, and other sensitive data....

9.8CVSS7.8AI score0.00343EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50100

Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA version 2.7.0 Description A SQL Injection issue exists in the setwxqyAction function within the webmain/task/api/loginAction.php file. This allows attackers to obtain sensitive information, including administrator account...

9.8CVSS7.5AI score0.00343EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/08 12:54 p.m.8 views

CVE-2025-12854

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...

6.3CVSS6.7AI score0.00445EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/07 12:32 p.m.2 views

CVE-2025-12854 newbee-mall-plus seckillExecution executeSeckill authorization

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...

6.3CVSS6.5AI score0.00445EPSS
Exploits0References4
Rows per page
Query Builder