82 matches found
Command Execution Vulnerability in DSMall
DSMall is a comprehensive mall platform system. DSMall suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...
Command execution vulnerability exists in DSMall (CNVD-2020-24701)
DSMall is a comprehensive mall platform system. DSMall suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...
php deserialization vulnerability in dsmall v5.0.6 frontend
dsmall mall system is a complete set of B2B2C multi-store mall solution. The system uses the domestic excellent open source framework THinkPHP , H5 end using vue.js , front and back end separation , based on PHP MySQL development , using B/S architecture. dsmall v5.0.6 front-end php deserializati...
DSMall has a flawed logic vulnerability
DSMALL is a large B2B2C multi-user mall system , enterprise-class e-commerce mall system , code open source . DSMall there are logical flaws vulnerabilities , attackers can exploit the vulnerability to delete any account invoice information...
Logic flaw vulnerability in DSMall Me***.php file
DSMall mall system is a complete set of B2B2C multi-store mall solutions. A logic flaw vulnerability exists in the DSMall Me.php file. An attacker can exploit the vulnerability to perform unauthorized operations, including modifying the information of items posted by any account and modifying the...
DSMall open source multi-user mall system front-end command execution vulnerability
DSMall is an open source B2B2C e-commerce system created by Deshaun Networks. DSMall open source multi-user mall system in the foreground there is a command injection vulnerability . Attackers can use the vulnerability to obtain server privileges...
CVE-2018-9307
dsmall v20180320 allows XSS via the pdrsn parameter to public/index.php/home/predeposit/index.html...
CVE-2018-9307
dsmall v20180320 allows XSS via the pdrsn parameter to public/index.php/home/predeposit/index.html...
CVE-2018-9307
dsmall v20180320 allows XSS via the pdrsn parameter to public/index.php/home/predeposit/index.html...
CVE-2018-9307
The CVE concerns dsmall v20180320, where an XSS flaw exists via the pdr_sn parameter in public/index.php/home/predeposit/index.html. The underlying issue is not detailed beyond the XSS mechanism; no explicit root-cause, affected versions beyond v20180320, or patch/mitigation is provided in the do...
dsmall Physical Path Disclosure Vulnerability
dsmall is a multi-user platform-level online shopping mall system. A security vulnerability exists in dsmall version 20180320. An attacker can exploit the vulnerability by sending public/index.php/home/predeposit/index.html?pdrsn=request to obtain a physical path...
dsmall cross-site scripting vulnerability (CNVD-2018-07545)
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can exploit this vulnerability by sending the 'pdrsn' parameter to the public/index.php/home/predeposit/index.html page to inject arbitrary...
dsmall cross-site scripting vulnerability (CNVD-2018-07546)
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can use the main page query box in the public/index.php/home URI to inject arbitrary HTML/JavaScript code to obtain sensitive information...
dsmall cross-site scripting vulnerability (CNVD-2018-07558)
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can inject arbitrary HTML/JavaScript code to obtain sensitive information via the member query box in the...
CVE-2018-9015
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdrsn parameter aka the CMS search box...
CVE-2018-9016
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...
Design/Logic Flaw
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...
CVE-2018-9017
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...
CVE-2018-9016
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...
CVE-2018-9014
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdrsn= request...