12 matches found
PT-2026-40941
Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the display name field before sanitization occurs. Attackers can submit HTML and script markup in the username field duri...
EUVD-2025-18767
Malicious code in bioql PyPI...
Online Shoe Store customer_signup.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /function/customersignup.php. An attacker can exploit this vulnerability...
CVE-2025-6354
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/customersignup.php. The manipulation of the argument email leads to sql injection. The attack may be launched...
CVE-2025-6354 code-projects Online Shoe Store customer_signup.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/customersignup.php. The manipulation of the argument email leads to sql injection. The attack may be launched...
PT-2025-26445 · Unknown · Code-Projects Online Shoe Store
Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical vulnerability has been found in the code-projects Online Shoe Store. The issue affects an unknown functionality of the file /function/customer signup.php. The manipulation of...
Code-Projects Online Shoe Store 注入漏洞
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /function/customersignup.php. An attacker can exploit this vulnerability...
Broadleaf vulnerable to Cross-site Scripting
Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.7-GA...
CVE-2023-33725
Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...
CVE-2023-33725
Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...
CVE-2023-33725
Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...
Honeypot strategy is no longer effectively preventing spam account signup
panel:title=Fix From 3.9.5 onwards we have turned off the honeypot in favour of using captcha anyone affected by this issue just needs to switch the CAPTCHA on...