6 matches found

NVD
added 2026/02/10 6:16 p.m., 4 views

CVE-2026-25993

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

CVSS: 9.8, EPSS: 0.00043
Exploits: 0, References: 2
Vulnrichment
added 2026/02/10 5:43 p.m., 3 views

CVE-2026-25993 EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00043
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/10 5:43 p.m., 3 views

CVE-2026-25993

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00043
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2026/02/10 12:0 a.m., 4 views

EverShop SQL Injection Vulnerability

EverShop is an open-source NodeJS e-commerce platform developed by EverShop. Versions of EverShop prior to 2.1.1 contained a SQL injection vulnerability. This vulnerability occurred when processing category updates and deletions, where the urlkey value was embedded into SQL statements through...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00043
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/24 7:26 a.m., 5 views

CVE-2026-1081

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 4
Tenable Nessus
added 2025/04/10 12:0 a.m., 4 views

Moodle 4.0.x < 4.0.11 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.24 / 3.11.x prior to 3.11.17 / 4.0.x prior to 4.0.11 / 4.1.x prior to 4.1.6 / 4.2.x prior to 4.2.3. It is, therefore, affected by multiple vulnerabilities: - Forum summary report shows students fr...

CVSS: 9.8, AI score: 7.1, EPSS: 0.022
Exploits: 0, References: 33