18 matches found
EUVD-2023-23465
Malicious code in bioql PyPI...
EUVD-2024-17278
Malicious code in bioql PyPI...
EUVD-2021-30586
Malicious code in bioql PyPI...
EUVD-2023-12797
Malicious code in bioql PyPI...
CVE-2023-1185
A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
CVE-2020-22206
SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliateck.php...
CVE-2024-35362
Ecshop 3.6 is vulnerable to Cross Site Scripting XSS via ecshop/articlecat.php...
CVE-2024-35362
Ecshop 3.6 is vulnerable to Cross Site Scripting XSS via ecshop/articlecat.php...
ECShop SQL Injection Vulnerability (CNVD-2024-26111)
ShopeX ECShop is an open source mall system of the Chinese business school ShopeX company. It supports PC + H5 + APP + mini-program malls, offers free source code download, and is suitable for enterprises developing and building a mall. ECShop has a SQL injection vulnerability; the vulnerability stems from...
PT-2023-26787 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: ECShop version 4.1.16 Description: The issue is related to an arbitrary file deletion vulnerability in the Admin Panel. Recommendations: For ECShop version 4.1.16, at the moment, there is no information about a newer version that contains a f...
ECShop SQL Injection Vulnerability (CNVD-2021-44948)
ECShop is a professional e-commerce mall system. A SQL injection vulnerability exists in ECShop version 3.0. An attacker can exploit this vulnerability by using the id parameter of admin/shophelp.php to perform SQL injection attacks...
ecshop 2.7.2 search.php SQL injection vulnerability
No description provided by source...
ecshop csrf getshell 0day-vulnerability warning-the black bar safety net
0x0 Background getshell. In the code that handles order submission, the code calls getmailtemplate to get the contents of the remindofneworder template, which are then passed to fetch and executed. If the content of the remindofneworder template can be controlled, ecshop can be made to execute our command...
ECShop v2.7.2 wap page path disclosure 0day-vulnerability warning-the black bar safety net
Google: inurl:mobile/goods.php?act=viewimg&id=1 2 3 After searching, append &id=5 to the page URL, that is, http://www.badguest.cn/mobile/goods.php?act=viewimg&id=1 2 3&id=5 For example, on many forums, when a request for a non-existent file is submitted, or a request for a file with no output, the serve...
ecshop 2.6 x background write shell 0day-vulnerability warning-the black bar safety net
The relevant variable is not filtered, resulting in a vulnerability where submitted data can be written out as a shell. Vulnerable file: admineditlanguages.php The relevant variable is not filtered! elseif ($_REQUEST['act'] == 'edit') /* Language items of the path */ $langfile = isset($_POST['filepath']) ?...
ecshop latest version (v272) local file inclusion to get SHELL-vulnerability warning-the black bar safety net
Looking directly at the code: js/calendar.php $lang = !empty($_GET['lang']) ? trim($_GET['lang']) : 'EN'; // no filter, obviously contains a vulnerability if (!file_exists('../languages/' . $lang . '/calendar.php')) $lang = 'EN'; require(dirname(dirname(__FILE__)) . '/data/config.php'); header('Content-type:...
Ecshop v2.7.2 user privilege escalation (unauthorized access) vulnerability
No description provided by source...
ECShop 2.7.2 - 'category.php' SQL Injection
source: https://www.securityfocus.com/bid/40001/info ECShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...