19 matches found
EUVD-2024-51250
Malicious code in bioql PyPI...
CVE-2024-12991
A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert5888%3E leads ...
CVE-2024-12991
CVE-2024-12991 affects Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. The vulnerable component is the file /home-order, where the parameter orderStatus can be manipulated to trigger a cross-site scripting (XSS) attack. The payload shown in reports, %22%3E%3Csvg%20onload=alert(58...
CVE-2024-12991 Beijing Longda Jushang Technology DBShop商城系统 home-order cross site scripting
A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert5888%3E leads ...
DBShop code injection vulnerability
DBShop is an e-commerce system from China Longda Vantage DBShop Company. A code injection vulnerability exists in DBShop 3.3 Release 231225. An attacker can exploit this vulnerability to cause a cross-site scripting attack by using the input %22%3E%3Csvg%20onload=alert5888%3E incorrectl...
PT-2024-17854 · Beijing Longda Jushang Technology · Dbshop市场系统
Name of the Vulnerable Software and Affected Versions: Beijing Longda Jushang Technology DBShop商城系统 version 3.3 Release 231225 Description: A cross-site scripting issue affects the /home-order file, where manipulating the orderStatus argument with a specific input leads to cross-site scripting. T...
SQL Injection Vulnerability in DBShop
DBShop is an e-commerce system. DBShop suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
DBshop is vulnerable to XSS
DBShop is an e-commerce system. DBshop suffers from an XSS vulnerability that can be exploited by an attacker to obtain an administrator cookie...
SQL Injection Vulnerability in DBShop System
DBShop is an e-commerce system. A SQL injection vulnerability exists in the DBShop system, which can be exploited by attackers to obtain sensitive information from the database...
Command execution vulnerability in DBShop system (CNVD-2019-23860)
DBShop is an e-commerce system. A command execution vulnerability exists in the DBShop system that can be exploited by an attacker to gain server privileges...
SQL injection vulnerability in DBShop frontend Go***.php file
DBShop is an e-commerce system. A SQL injection vulnerability exists in the DBShop frontend Go.php file. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in DBShop search_content Parameter
DBShop is a new-generation e-commerce system developed on the official PHP ZendFramework 2 framework, with full support for PHP7. A SQL injection vulnerability exists in the DBShop search_content parameter, due to the program failing to filter user input data. An attacker can exploit...
DBShop e-commerce system has SQL injection vulnerability in the frontend
DBShop is a new-generation e-commerce system developed on the official PHP ZendFramework 2 framework. A SQL injection vulnerability exists in the frontend of the DBShop e-commerce system. An attacker can exploit the vulnerability to obtain database information...
Logic Design Flaw Vulnerability in DBSHOP_0.9.3_Beta
DBShop is an open source e-commerce online store system developed using ZendFramework. A logic design flaw vulnerability exists in DBSHOP_0.9.3_Beta /module/Mobile/src/Mobile/Controller/HomeController.php. Because the POST parameters are passed to $passArray to determine whether the original...
Stored Cross-Site Scripting Vulnerability in DBSHOP_0.9.3_Beta
DBShop is an open source e-commerce online store system developed using ZendFramework. A stored cross-site scripting vulnerability exists at DBSHOP_0.9.3_Beta /module/Goods/view/goods/ask/index.phtml. Due to the failure to handle the output to the page of the inquiry response, the content is directl...
SQL Injection Vulnerability in DBSHOP_0.9.3_Beta Frontend
DBShop is an open source e-commerce online store system developed using ZendFramework. DBSHOP_0.9.3_Beta has a frontend SQL injection vulnerability. In /module/Shopfront/src/Shopfront/Controller/ArticleController.php, the id parameter spliced into infoArticle fails to use quotation mark filtering,...
An SQL injection vulnerability exists in the DBSHOP_0.9.3_Beta getQuery() function.
DBShop is an open source e-commerce online store system developed using ZendFramework. DBSHOP_0.9.3_Beta suffers from a SQL injection vulnerability. In /DBSHOP/module/Shopfront/src/Shopfront/Controller/GoodslistController.php, indexAction first gets all the parameters through getQuery,...
SQL Injection Vulnerability in DBSHOP_0.9.3_Beta goodsSearchAction Function
DBShop is an open source e-commerce online store system developed using ZendFramework. The DBSHOP_0.9.3_Beta goodsSearchAction function has a SQL injection vulnerability. After obtaining the parameters timesort, clicksort, pricesort, the key name and key value are spliced into the SQL statement to bring ...
Logic design flaw vulnerability at DBSHOP_0.9.3_Beta /module/Shopfront/src/Shopfront/Controller/CartController.php
DBShop is an open source e-commerce online store system developed using ZendFramework. A logic design flaw vulnerability exists in DBSHOP_0.9.3_Beta /module/Shopfront/src/Shopfront/Controller/CartController.php. When adding an order, it fails to determine the quantity of the product and directly...