133 matches found
CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
EUVD-2026-41777
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
PT-2026-55819
Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An SQL injection flaw exists in the POST Parameter Handler component within the file /ecommerce-website-php/customer/confirm.php. A remote attacker can exploit this by manipulating the invoic...
CVE-2026-14639 CodeAstro Ecommerce Website my_account.php sql injection
A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...
EUVD-2026-30264
Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001...
PT-2026-40900
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...
CVE-2025-6577
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001...
CVE-2022-27357
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customerregister.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27346
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27436
A cross-site scripting XSS vulnerability in /public/admin/index.php?adduser at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field...
CVE-2025-13793
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
EUVD-2025-199937
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793
The CVE concerns winston-dsouza Ecommerce-Website (up to build 87734c043269baac0b4cfe9664784462138b1b2e) with a weakness in the /includes/header_menu.php component, specifically in the GET Parameter Handler. Manipulating the argument Error can trigger cross-site scripting. The issue is exploitabl...
Ecommerce-Website 代码注入漏洞
Ecommerce-Website is a full-fledged e-commerce website by Winston Dsouza Individual Developer with an admin panel built using PHP and MySql. A code injection vulnerability exists in Ecommerce-Website, which stems from the incorrect operation of the parameter Error in the file...
CVE-2024-44652
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail, username, userfirstname, userlastname, and useraddress parameters in userregister.php...
CVE-2024-44651
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recoveremail parameter in userpasswordrecover.php...
CVE-2024-44653
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...