CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

EUVD-2026-30580

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

EUVD-2025-31428

Malicious code in bioql PyPI...

CVE-2025-11070

A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2025-11070 Projectworlds Online Shopping System cart_add.php sql injection

A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

Projectworlds Online Shopping System SQL注入漏洞

Projectworlds Online Shopping System is an online shopping system from the Austrian company Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Shopping System version 1.0, which stems from a misuse of the parameter ID in the file /store/cartadd.php, which could lead to a...

CVE-2025-7211

A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cartadd.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

Code-Projects LifeStyle Store 注入漏洞

Code-Projects LifeStyle Store is a Code-Projects open source store software. An injection vulnerability exists in Code-Projects LifeStyle Store version 1.0, which originates from an SQL injection in the ID parameter of the cartadd.php file...

PT-2025-28835 · Unknown · Lifestylestore

Name of the Vulnerable Software and Affected Versions: LifeStyle Store version 1.0 Description: A critical issue has been found in the code, affecting the /cart add.php file, where the manipulation of the ID argument leads to SQL injection. This can be initiated remotely. Recommendations: For...

CVE-2023-1736

A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifi...

CVE-2025-1903

A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file /cartadd.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...

CVE-2023-1736

A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifi...

CVE-2021-46024

Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cartadd.php, No login is required...

CVE-2021-46024

Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cartadd.php, No login is required...

CVE-2021-46024

Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cartadd.php, No login is required...

Sql injection

Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cartadd.php, No login is required...