80 matches found
CVE-2026-2347
Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001...
CVE-2026-4613
SourceCodester E-Commerce Site 1.0 contains an SQL injection in the /products.php file triggered by the Search parameter. The vulnerability is exploitable remotely with a Proof-of-Concept exploit documented, affecting unknown code paths in the file. Reported CVSS metrics indicate high impact on c...
CVE-2024-2754
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/usersphoto.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit h...
E-Commerce Website product_add_qty.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...
PT-2025-41669
Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0. Description: A SQL injection issue exists in the /pages/delete order details.php script. Manipulation of the order id parameter can allow an attacker to execute arbitrary SQL commands on the database...
CVE-2025-11558
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/userindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public a...
Code-Projects E-Commerce Website SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from improper filtering of SQL statements submitted by the parameter suppid in the /pages/supplierupdate.php file, which can be exploited by an attacker to gain unauthorized...
CVE-2025-11511
A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplieradd.php. Executing manipulation of the argument suppemail can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
EUVD-2024-51112
Malicious code in bioql PyPI...
EUVD-2025-21822
Malicious code in bioql PyPI...
EUVD-2023-59307
Malicious code in bioql PyPI...
EUVD-2025-20423
Malicious code in bioql PyPI...
EUVD-2024-44490
Malicious code in bioql PyPI...
E-Commerce Website admin_account_update.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /pages/adminaccountupdate.php. An attacker can exploit this vulnerabili...
CVE-2025-10793 code-projects E-Commerce Website admin_account_delete.php sql injection
A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/adminaccountdelete.php. Performing manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely. The...
CVE-2025-10793
CVE-2025-10793 affects code-projects E-Commerce Website 1.0. The vulnerability stems from improper validation/sanitization of the user_id argument in the file /pages/admin_account_delete.php, enabling a remotely exploitable SQL injection. Public exploits exist and attackers can leverage this to e...
E-Commerce Site Arbitrary File Upload Vulnerability
E-Commerce Site is an e-commerce site. E-Commerce Site suffers from an arbitrary file upload vulnerability that stems from improper manipulation of the parameter photo in the file /admin/usersphoto.php. No details of the vulnerability are available at this time...
CVE-2025-7756
A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-7756 code-projects E-Commerce Site cross-site request forgery
A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...