CVE-2026-46408
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cartid and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another...
Vvveb Security Vulnerability
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the checkout endpoint accepted...
CVE-2026-31867 Craft Commerce has a Potential IDOR in Commerce carts
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. The CartController...
Online Eyewear Shop Security Vulnerability
Online Eyewear Shop is an online eyewear store by the individual developer Carlo Montero. A security vulnerability exists in Online Eyewear Shop version 1.0, which stems from an unknown part of the Cart Content Handler component, where the manipulation of the parameter cartid/id results in improp...
CVE-2023-27638
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommercedesigncartid GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop tshirtecommerce version 2.1.4, which stems from the ability to...
VulnCheck KEV: CVE-2023-27638
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommercedesigncartid GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and...
PT-2023-16455 · Sourcecodester · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A critical issue has been found, affecting the function update cart of the file /oews/classes/Master.php?f=update cart in the HTTP POST Request Handler component. The manipulation of...
Online Eyewear Shop SQL Injection Vulnerability
Online Eyewear Shop is an online eyewear store by the individual developer Carlo Montero. A SQL injection vulnerability exists in Online Eyewear Shop version 1.0, which stems from an incorrect manipulation of the parameter cartid resulting in SQL injection...
SQL Injection Vulnerability in the cartSettlement Method of ShopSn V2.0 Mall System
ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd: an enterprise-class, full-featured, open source online store system that is free for commercial use. A SQL injection vulnerability exists in the cartid parameter in the cartSettlement method ...
ViArt Shopping Cart 3.5 XSS / Info Disclosure
============================================================== ViArt Shopping Cart v3.5 is multiple remote vulnerabilities maybe another version ============================================================== --==Author==-- : Florinu --==E-mail==-- : [email protected] -dont add to your messenger ...
Viart shopping cart 3.5 - Multiple Vulnerabilities
=============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...
PT-2001-2334 · Agora · Agora
Name of the Vulnerable Software and Affected Versions: Agora versions 3.0a through 4.0g Description: The issue allows remote attackers to execute Javascript on other clients via the cart id parameter in agora.cgi when debug mode is enabled. This occurs because of a cross-site scripting issue...