193 matches found
CVE-2023-1503
CVE-2023-1503 affects SourceCodester Alphaware Simple E-Commerce System 1.0. A SQL injection vulnerability exists in the admin/admin_index.php file, triggered by manipulating the username/password inputs (example payload: admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX). The issue all...
CVE-2023-1502
CVE-2023-1502 affects SourceCodester Alphaware Simple E-Commerce System 1.0. The vulnerability is an SQL injection in the file function/edit_customer.php, triggered by manipulating the firstname/mi/lastname inputs (example payload: a' RLIKE SLEEP(5) AND 'dAbu'='dAbu). It can be exploited remotely...
SourceCodester E-Commerce System 跨站脚本漏洞
Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. A cross-site scripting vulnerability exists in SourceCodester E-Commerce System version 1.0, which stems from the fact that incorrect manipulation of the CATEGORY parameter can lead to cross-site...
Alphaware Simple E-Commerce System SQL注入漏洞
Alphaware Simple E-Commerce System is an e-commerce system by razormist individual developers. A SQL injection vulnerability exists in Alphaware Simple E-Commerce System version 1.0, which is caused by incorrect manipulation of the email/password parameter...
E-Commerce System SQL注入漏洞
Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. An SQL injection vulnerability exists in E-Commerce System version 1.0, which stems from an incorrect manipulation of the parameter UUSERNAME resulting in sql injection...
CVE-2023-26905
An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id...
CVE-2023-27052
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...
CVE-2023-27052
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...
CVE-2023-27052
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...
PT-2023-20917 · Unknown · E-Commerce System
Name of the Vulnerable Software and Affected Versions: E-Commerce System version 1.0 Description: A SQL injection issue was found in the E-Commerce System. The vulnerability can be exploited via the id parameter at the "/admin/delete user.php" API endpoint. Recommendations: For E-Commerce System...
CVE-2023-27052
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...
CVE-2023-27052
The CVE-2023-27052 issue affects E-Commerce System v1.0 and is a SQL injection vulnerability exploitable via the id parameter in /admin/delete_user.php. The NVD/CVE data assign CVSS 3.1 base score 9.8 (CRITICAL) with network access, no authentication, no user interaction, and impact to confidenti...
CVE-2023-0997
A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection...
Sql injection
A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection...
Improper access control
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possib...
CVE-2023-0998 SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possib...
CVE-2023-0997 SourceCodester Moosikay E-Commerce System POST Parameter order.php sql injection
A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection...
CVE-2023-0997
CVE-2023-0997 affects SourceCodester Moosikay E-Commerce System 1.0. The vulnerability is in the POST Parameter Handler’s /Moosikay/order.php file, where manipulation of the username parameter leads to SQL injection. The issue can be exploited remotely, and public disclosures exist. Multiple conn...
Amasty Blog Pro for Magento 2 Cross-Site Scripting Vulnerability
Amasty Blog is a website page extension from Amasty. magento2 is an open source PHP e-commerce system. Amasty Blog Pro 2.10.5 before the version for Magento 2 has a cross-site scripting vulnerability , the vulnerability stems from the plugin in the blog post creation function fails to shortconten...
OpenCart SQL Injection Vulnerability (CNVD-2024-30068)
OpenCart is an open source e-commerce system from the OpenCart team in Hong Kong, China. The system provides product reviews, product ratings, product additions and other modules. OpenCart 3.0.3.7 version of the existence of SQL injection vulnerability , an attacker can exploit the vulnerability...