
24 matches found

RedhatCVE
added 2026/02/28 7:45 p.m. | 3 views

CVE-2019-25497

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...

CVSS 8.8 | AI score 6 | EPSS 0.00104
Exploits: 1 | References: 1

EUVD
added 2026/02/27 6:31 p.m. | 0 views

EUVD-2019-19723

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...

CVSS 8.8 | AI score 6 | EPSS 0.00104
Exploits: 1 | References: 4

OSV
added 2026/02/27 6:16 p.m. | 0 views

CVE-2019-25497

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 3

NVD
added 2026/02/27 6:16 p.m. | 3 views

CVE-2019-25497

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...

CVSS 8.8 | EPSS 0.00104
Exploits: 1 | References: 3

CVE
added 2026/02/27 5:23 p.m. | 7 views

CVE-2019-25497

CVE-2019-25497 affects osCommerce 2.3.4.1, where an unauthenticated attacker can manipulate database queries via the currency parameter. The vulnerability enables SQL injection by sending crafted GET requests to shopping_cart.php with boolean-based payloads to extract data. Impact is indicated as...

CVSS 8.8 | AI score 6 | EPSS 0.00104
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/27 5:23 p.m. | 3 views

CVE-2019-25497 osCommerce 2.3.4.1 SQL Injection via currency Parameter

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...

CVSS 8.8 | AI score 6 | EPSS 0.00104
Exploits: 1 | References: 3

Cvelist
added 2026/02/27 5:23 p.m. | 18 views

CVE-2019-25497 osCommerce 2.3.4.1 SQL Injection via currency Parameter

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...

CVSS 8.8 | EPSS 0.00104
Exploits: 1 | References: 3

ATTACKERKB
added 2026/02/27 5:23 p.m. | 3 views

CVE-2019-25497

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...

CVSS 8.8 | AI score 6 | EPSS 0.00104
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/02/27 12:00 a.m. | 3 views

osCommerce SQL injection vulnerability

osCommerce is a set of open-source e-commerce solutions based on the GNU GPL license, developed by the osCommerce company. Version 2.3.4.1 of osCommerce contains a SQL injection vulnerability. This vulnerability stems from the currency parameter, which allows for SQL injections, potentially...

CVSS 8.8 | AI score 5.9 | EPSS 0.00104
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/27 12:00 a.m. | 4 views

PT-2026-22365

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injectio...

CVSS 8.8 | AI score 6 | EPSS 0.00104
Exploits: 1 | References: 4

NVD
added 2026/01/07 12:16 p.m. | 3 views

CVE-2025-15058

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00016
Exploits: 0 | References: 3

Cvelist
added 2026/01/07 9:21 a.m. | 20 views

CVE-2025-15058 Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency'

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00016
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/07 12:00 a.m. | 3 views

PT-2026-1640

Name of the Vulnerable Software and Affected Versions: Responsive Pricing Table plugin for WordPress versions up to and including 5.1.12. Description: The software contains a flaw due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level...

CVSS 6.4 | AI score 6.4 | EPSS 0.00016
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2006-3425

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00427
Exploits: 0 | References: 6

CNNVD
added 2025/08/14 12:00 a.m. | 1 view

itsourcecode Online Tour and Travel Management injection vulnerability

itsourcecode Online Tour and Travel Management is an open-source online tour and travel management system from itsourcecode. An injection vulnerability exists in itsourcecode Online Tour and Travel Management version 1.0, which originates from a SQL injection due to incorrect manipulation of the...

CVSS 9.8 | AI score 7.8 | EPSS 0.00072
Exploits: 1 | References: 7

Snyk
added 2025/01/03 5:06 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the currency parameter of the Currency.php script. An attacker can execute arbitrary JavaScript code in the user's browser by crafting malicious input that is improperly sanitized. PoC html...

CVSS 8.3 | AI score 6.8 | EPSS 0.00905
Exploits: 1 | References: 2

Snyk
added 2025/01/03 5:06 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the currency parameter of the Currency.php script. An attacker can execute arbitrary JavaScript cod...

CVSS 8.3 | AI score 5.6 | EPSS 0.00905
Exploits: 1 | References: 2

Snyk
added 2025/01/03 5:06 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Accounting.php file due to improper sanitization of the currency parameter. An attacker can...

CVSS 8.3 | AI score 5.6 | EPSS 0.01179
Exploits: 1 | References: 2

Positive Technologies
added 2024/07/14 12:00 a.m. | 1 view

PT-2024-5174 · Unknown · Tailoring Management System

Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0 Description: A critical issue has been identified in the Tailoring Management System, affecting the setgeneral.php file. This issue is related to the lack of protection against SQL query structure...

CVSS 8.8 | AI score 7.5 | EPSS 0.00056
Exploits: 1 | References: 9

OSV
added 2024/03/03 6:15 p.m. | 0 views

CVE-2024-2149

A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

CVSS 7.2 | AI score 5.8
Exploits: 0 | References: 3