8 matches found
PT-2026-40812
Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description The admin orders-transactions listing page at 'admin.php? g=orders&node=transactions' constructs a raw ORDER BY SQL fragment using the sort array from the $ GET variable without validating the colum...
CVE-2025-14554
The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
EUVD-2025-206583
The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-14554 Sell BTC - Cryptocurrency Selling Calculator <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action
The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-33977
Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'...
CVE-2022-44295
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assignteam.php?id=...
Sanitization Management System SQL注入漏洞
Sanitization Management System is a sanitization management system by Carlo Montero Personal Developer. Sanitization Management System v1.0 is vulnerable to a SQL injection vulnerability that was discovered via the id parameter of /admin/?page=orders/managerequest to contain a SQL injection...
Online Pet Shop We App SQL注入漏洞
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A security vulnerability exists in version 1.0 of Online Pet Shop We App, which stems from an SQL injection issue in the id parameter of the /admin/?page=orders/vieworder location...