Code-Projects Online Shopping Store 安全漏洞

Code-Projects Online Shopping Store is a Code-Projects open source online store. A security vulnerability exists in Code-Projects Online Shopping Store version 1.0, which originates from SQL injection due to incorrect manipulation of the parameters catid/brandid/keyword/proId/pid in file/action.p...

CVE-2025-3553

A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pedelete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brandid leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...

PHPSHE 注入漏洞

PHPSHE is a set of online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE company. The system supports express tracking, online chat, order evaluation and statistics and other functions. PHPSHE 1.8 version of the existence of injection vulnerability, the vulnerability ste...

Carlisting 1.6 SQL Injection

Exploit Title: Carlisting 1.6 - SQL Injection Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/carlisting/ Tested on: Windows 10 Pro Impact: Database Access Description SQL injection attacks...

BiWEB最新商城版绕过过滤字符型注入一枚

简要描述： BiWEB最新商城版绕过过滤字符型注入一枚 详细说明： 在wooyun上看到了有人提了BiWEB的一个XSS漏洞： WooYun: BIWEB商城版XSS盲打cookie ，也有人提了SQL注入，我来找找其他的漏洞吧。去官网下BiWEB商城版最新的5.8.4来看看。 注入点在http://192.168.0.107/brand/list.php?brandid=1，其中brandid存在注入漏洞 先来看看BiWEB是怎么处理防注入的。首先BiWEB对用户输入进行了全局过滤filtrate.inc.php filtrateData方法的实现见下面 /...