E-commerce Security Vulnerability
E-commerce is a dynamic e-commerce website developed by Bhabishya Ghimire as an individual developer. Version 1.0.0 of E-commerce has security vulnerabilities; these vulnerabilities stem from improper handling of ID parameters in the Delete/Update functions of the product management module, which...
EUVD-2007-1417
Malware in sbrugna...
EUVD-2008-5761
Malware in sbrugna...
EUVD-2024-29109
Malicious code in bioql PyPI...
EUVD-2023-44809
Malicious code in bioql PyPI...
EUVD-2022-3711
Malicious code in bioql PyPI...
CVE-2024-7882
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024...
CVE-2021-21302
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2...
Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install. From an attacker’s...
CVE-2024-36680: SQL Injection Vulnerability in Facebook’s PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud
SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers. PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory tracking,...
OpenCart SQL Injection Vulnerability (CNVD-2024-30072)
OpenCart is an open source online store management system for creating and managing e-commerce websites. It is known for its user-friendliness and flexibility for online stores of different sizes. OpenCart suffers from an SQL injection vulnerability that stems from the presence of an SQL injectio...
Cyberattacks Targeting E-commerce Applications
Cyber attacks on e-commerce applications are a common trend in 2023. As e-commerce businesses become more omnichannel, they build and deploy more and more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing and ongoing...
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
As Threat Actors Continuously Adapt their TTPs in Today's Threat Landscape, So Must You. Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill's collected intelligence items...
Wordfence WooCommerce 2FA: Set Up This New Feature To Protect Your Customers
On February 15, we made the exciting announcement that the latest release of Wordfence, version 7.9.0, includes a new feature: WooCommerce 2FA two-factor authentication for customer level users. What does this mean for you as an e-commerce store operator? And how can you start using this feature?...
Use multiple time the one-time coupon
Description: I create a coupon only for one user and a one-time use coupon. Then create two users, and both of them can use the coupon, but only one of them should be able to use the coupon. Proof of Concept: First, create a one-time and one-user coupon code that, e.g. is aaaaa. The attacker has tw...
Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released
Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring...
The role of runtime protection in eCommerce security
What is e-commerce security? E-commerce security is the set of guidelines that are designed to allow safe transactions on the web. These guidelines include steps and protocols that help protect the sale and purchase of goods and services online. Appropriate e-commerce security measures boost...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2021-39950)
Oracle E-Business Suite is an extension of the original Application ERP: a seamlessly integrated suite of management software that includes ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management), and so on. Oracle iStore i...
File Deletion Vulnerability in Bacardi CMS Microstore
Bacardi CMS MicroMall is a content management system (CMS) for e-commerce. A directory traversal vulnerability exists in Baike CMS Microstore, which can be exploited by an attacker to traverse a deleted directory...
Adobe Magento SQL Injection Vulnerability
Adobe Magento is Adobe's open source e-commerce platform written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source. Magento Enterprise Edition is the enterprise edition, later renamed Magento...