360 matches found
PT-2026-4966
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
CVE-2025-69562
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
EUVD-2025-206390
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
CVE-2025-69562
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
Code-Projects Mobile Shop Management System security vulnerabilities
Code-Projects Mobile Shop Management System is an open-source mobile store management system developed by Code-Projects. Version 1.0 of the code-projects Mobile Shop Management System contains a security vulnerability. This vulnerability stems from improper handling of the userid parameter in the...
CVE-2023-36331
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...
xmall 安全漏洞
XMall is a distributed e-commerce shopping mall based on SOA architecture by the individual developer of Exrick. A security vulnerability exists in version 1.1 of xmall, which stems from improper access control of the /member/orderList API, and could lead to an attacker accessing other users' ord...
CVE-2023-36331
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...
CVE-2023-36331
CVE-2023-36331 affects xmall v1.1. The /member/orderList API has improper access control that lets an attacker read other users’ order details by manipulating the userId query parameter. The CVSS 3.1 base score is 8.2 (NETWORK, LOW attack complexity, no privileges required, confidentiality impact...
CVE-2021-33223
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file...
EUVD-2025-205604
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...
CVE-2025-15196
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...
Code-Projects Assessment Management SQL注入漏洞
Code-Projects Assessment Management is a Code-Projects open source assessment management system. Code-Projects Assessment Management version 1.0 has a SQL injection vulnerability, the vulnerability stems from the wrong operation of the parameter userid in the file login.php, which may lead to SQL...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
PT-2025-50100
Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA version 2.7.0 Description A SQL Injection issue exists in the setwxqyAction function within the webmain/task/api/loginAction.php file. This allows attackers to obtain sensitive information, including administrator account...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
CVE-2025-63742
Xinhu Rainrock RockOA 2.7.0 is identified as vulnerable to a SQL injection in function setwxqyAction of webmain/task/api/loginAction.php, exploitable via the shouji and userid parameters. The issue could reveal administrator accounts, password hashes, database structure, and other sensitive data....
CVE-2025-12854
A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...
CVE-2025-12854 newbee-mall-plus seckillExecution executeSeckill authorization
A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...