23 matches found
CVE-2025-10969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...
CVE-2025-61455
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access...
EUVD-2007-5771
Malware in sbrugna...
EUVD-2019-1081
Malware in sbrugna...
EUVD-2023-45103
Malicious code in bioql PyPI...
EUVD-2024-54525
Malicious code in bioql PyPI...
EUVD-2023-2445
Malicious code in bioql PyPI...
EUVD-2023-0323
Malicious code in bioql PyPI...
EUVD-2022-6913
Malicious code in bioql PyPI...
CVE-2025-7175
A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/usersphoto.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...
CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
CVE-2024-29888
Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue...
CVE-2024-37294
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
CVE-2024-7882
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024...
CVE-2022-4237 Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a...
Shopizer Cross-Site Scripting Vulnerability
Shopizer is a Java open source e-commerce software. A stored cross-site scripting vulnerability exists in Shopizer versions prior to 2.17.0. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the customername in various forms managed by the store...
PrestaShop CSV Injection Vulnerability
PrestaShop is a full-featured, cross-platform, free and open source e-commerce solution designed for web 2.0. A CSV injection vulnerability exists in PrestaShop versions prior to 1.7.2. An attacker can exploit this vulnerability by using the store search keyword in the admin panel to conduct a CS...
S-CMS e-commerce system aj***.php page L_*** parameter has SQL injection vulnerability
S-CMS e-commerce system is an e-commerce software product. An SQL injection vulnerability exists in the L parameter of the S-CMS e-commerce system's aj.php page; an attacker can use the vulnerability to obtain sensitive database information...
SAP E-Commerce Code Injection Vulnerability
SAP E-Commerce is a set of e-commerce solutions from Germany's SAP. A code injection vulnerability exists in SAP E-Commerce, which arises from the failure of a network system or product to properly filter specific elements of externally entered data during the construction of a code segment, and...
Boozt Fashion AB: Make victim buy in attacker's account without any idea - http://www.booztlet.com/
INTRODUCTION: During the testing of http://www.booztlet.com/ I have noticed that the account related links available from https://www.boozt.com/ are also available in http://www.booztlet.com/. This should not be the case, as this shop doesn't have a "My account" section...