18 matches found
CVE-2026-22588
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an authenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying ...
E-Commerce Website edit_order_details.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...
CVE-2025-11420
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2025-11420
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2025-11420
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2025-11420
CVE-2025-11420 affects code-projects E-Commerce Website 1.0. The vulnerability is a SQL injection in the /pages/edit_order_details.php handler, triggered by manipulating the order_id parameter. The issue originates from lack of input validation for an externally supplied SQL statement, allowing a...
CVE-2025-11420 code-projects E-Commerce Website edit_order_details.php sql injection
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2025-11420 code-projects E-Commerce Website edit_order_details.php sql injection
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
code-projects E-Commerce Website SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...
Inventory Management System editOrder.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of user input in the /phpaction/editOrder.php file. No details of the vulnerability are available at this time...
Code-Projects Inventory Management System Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of user input in the /phpaction/editOrder.php file. No details of the vulnerability are available at this time...
CVE-2022-41551
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php...
PT-2022-26794 · Unknown · Billing System Project
Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: A SQL injection issue was found in the Billing System Project. The vulnerability can be exploited via the id parameter at the "editorder.php" endpoint. Recommendations: For Billing System Projec...
SQL injection
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php...
CVE-2022-43330
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php...
SQL injection
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php...
Laundry Booking Management System 1.0 - Multiple SQL Injection Vulnerability
Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' SQL Injection Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...
Paid Membership Pro < 2.5.10 - Cross-Site Scripting (XSS)
The plugin was affected by a Cross-Site Scripting issue in the edit order page or the admin dashboard...