Lucene search
K

193 matches found

CVE
CVE
added 2023/03/20 8:0 a.m.54 views

CVE-2023-1503

CVE-2023-1503 affects SourceCodester Alphaware Simple E-Commerce System 1.0. A SQL injection vulnerability exists in the admin/admin_index.php file, triggered by manipulating the username/password inputs (example payload: admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX). The issue all...

8.1CVSS7.1AI score0.00608EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/03/20 8:0 a.m.58 views

CVE-2023-1502

CVE-2023-1502 affects SourceCodester Alphaware Simple E-Commerce System 1.0. The vulnerability is an SQL injection in the file function/edit_customer.php, triggered by manipulating the firstname/mi/lastname inputs (example payload: a' RLIKE SLEEP(5) AND 'dAbu'='dAbu). It can be exploited remotely...

8.1CVSS7AI score0.00608EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.4 views

SourceCodester E-Commerce System 跨站脚本漏洞

Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. A cross-site scripting vulnerability exists in SourceCodester E-Commerce System version 1.0, which stems from the fact that incorrect manipulation of the CATEGORY parameter can lead to cross-site...

6.1CVSS4.1AI score0.00357EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.3 views

Alphaware Simple E-Commerce System SQL注入漏洞

Alphaware Simple E-Commerce System is an e-commerce system by razormist individual developers. A SQL injection vulnerability exists in Alphaware Simple E-Commerce System version 1.0, which is caused by incorrect manipulation of the email/password parameter...

8.1CVSS6.7AI score0.00608EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.4 views

E-Commerce System SQL注入漏洞

Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. An SQL injection vulnerability exists in E-Commerce System version 1.0, which stems from an incorrect manipulation of the parameter UUSERNAME resulting in sql injection...

8.1CVSS6.7AI score0.00506EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/19 12:0 a.m.9 views

CVE-2023-26905

An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id...

9.8AI score0.00752EPSS
Exploits1References1
NVD
NVD
added 2023/03/13 10:15 p.m.22 views

CVE-2023-27052

E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...

9.8CVSS9.8AI score0.00752EPSS
Exploits1References1
OSV
OSV
added 2023/03/13 10:15 p.m.2 views

CVE-2023-27052

E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...

9.8CVSS7.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/13 12:0 a.m.4 views

CVE-2023-27052

E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...

9.8AI score0.00752EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.5 views

PT-2023-20917 · Unknown · E-Commerce System

Name of the Vulnerable Software and Affected Versions: E-Commerce System version 1.0 Description: A SQL injection issue was found in the E-Commerce System. The vulnerability can be exploited via the id parameter at the "/admin/delete user.php" API endpoint. Recommendations: For E-Commerce System...

9.8CVSS7.8AI score0.00752EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/03/13 12:0 a.m.22 views

CVE-2023-27052

E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...

10AI score0.00752EPSS
Exploits1References1
CVE
CVE
added 2023/03/13 12:0 a.m.92 views

CVE-2023-27052

The CVE-2023-27052 issue affects E-Commerce System v1.0 and is a SQL injection vulnerability exploitable via the id parameter in /admin/delete_user.php. The NVD/CVE data assign CVSS 3.1 base score 9.8 (CRITICAL) with network access, no authentication, no user interaction, and impact to confidenti...

9.8CVSS9.7AI score0.00752EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2023/02/24 8:15 a.m.21 views

CVE-2023-0997

A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection...

8.8CVSS7.9AI score0.00912EPSS
Exploits1References3
Prion
Prion
added 2023/02/24 8:15 a.m.16 views

Sql injection

A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection...

7.5CVSS8.9AI score0.00912EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/02/24 8:15 a.m.19 views

Improper access control

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possib...

6.4CVSS5.4AI score0.00913EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/02/24 7:32 a.m.32 views

CVE-2023-0998 SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possib...

6.5CVSS6.8AI score0.00913EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/02/24 7:29 a.m.22 views

CVE-2023-0997 SourceCodester Moosikay E-Commerce System POST Parameter order.php sql injection

A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection...

7.5CVSS9.1AI score0.00912EPSS
Exploits1References3
CVE
CVE
added 2023/02/24 7:29 a.m.82 views

CVE-2023-0997

CVE-2023-0997 affects SourceCodester Moosikay E-Commerce System 1.0. The vulnerability is in the POST Parameter Handler’s /Moosikay/order.php file, where manipulation of the username parameter leads to SQL injection. The issue can be exploited remotely, and public disclosures exist. Multiple conn...

8.8CVSS8.2AI score0.00912EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2022/11/30 12:0 a.m.45 views

Amasty Blog Pro for Magento 2 Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension from Amasty. magento2 is an open source PHP e-commerce system. Amasty Blog Pro 2.10.5 before the version for Magento 2 has a cross-site scripting vulnerability , the vulnerability stems from the plugin in the blog post creation function fails to shortconten...

6.1CVSS6AI score0.00566EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/05 12:0 a.m.8 views

OpenCart SQL Injection Vulnerability (CNVD-2024-30068)

OpenCart is an open source e-commerce system from the OpenCart team in Hong Kong, China. The system provides product reviews, product ratings, product additions and other modules. OpenCart 3.0.3.7 version of the existence of SQL injection vulnerability , an attacker can exploit the vulnerability...

4.9CVSS7.3AI score0.00726EPSS
Exploits1References1
Rows per page
Query Builder