CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2024/06/17 2:15 p.m.•10 views

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the num parameter at /flow/flow.php...

6.1CVSS0.00851EPSS

CNNVD•added 2024/05/20 12:0 a.m.•2 views

Smanga 安全漏洞

Smanga is a docker direct-installed manga streaming reading tool by the individual developer lkw199711. A security vulnerability exists in Smanga version 3.2.7, which stems from a path traversal vulnerability in the flow.php interface due to a lack of filtering on the file parameter, which can le...

7.5CVSS6.8AI score0.003EPSS

Exploits1References2

CNVD•added 2021/06/17 12:0 a.m.•3 views

ECShop SQL Injection Vulnerability (CNVD-2021-44947)

ECShop is a professional e-commerce mall system. A SQL injection vulnerability exists in ECShop version 2.7.6. An attacker can exploit this vulnerability by using the goodsnumber parameter of flow.php to conduct a SQL injection attack...

9.8CVSS7.6AI score0.00508EPSS

OSV•added 2021/06/16 6:15 p.m.•0 views

CVE-2020-22204

SQL Injection in ECShop 2.7.6 via the goodsnumber parameter to flow.php...

9.8CVSS5.8AI score

Exploits0References1

Prion•added 2021/06/16 6:15 p.m.•11 views

Sql injection

SQL Injection in ECShop 2.7.6 via the goodsnumber parameter to flow.php...

7.5CVSS9.7AI score0.00508EPSS

Exploits1References1Affected Software1

CVE•added 2021/06/16 5:13 p.m.•44 views

CVE-2020-22204

CVE-2020-22204 describes a SQL injection vulnerability in ECShop 2.7.6 exploitable via the goods_number parameter of flow.php. The included connected sources (CNVD/CNNVD/NVD entries) confirm ECShop 2.7.6 is affected and that the injection occurs through a poorly sanitized goods_number parameter. ...

9.8CVSS9.7AI score0.00508EPSS

Exploits1References1Affected Software1

CNNVD•added 2021/06/16 12:0 a.m.•0 views

ECShop SQL注入漏洞

9.8CVSS5.9AI score0.00508EPSS

seebug.org•added 2014/07/09 12:0 a.m.•16 views

ecshop 2.7.3 /flow.php 登录绕过漏洞

影响文件:flow.php 188行开始elseif $REQUEST'step' == 'login' includeonce'languages/'. $CFG'lang'. '/user.php'; / 用户登录注册 / if $SERVER'REQUESTMETHOD' == 'GET' ..... else includeonce'includes/libpassport.php'; if !empty$POST'act' && $POST'act' == 'signin' $captcha = intval$CFG'captcha'; if $captcha &...

seebug.org•added 2012/12/29 12:0 a.m.•182 views

ECShop 2.7.3 flow.php SQL注入漏洞

No description provided by source...

seebug.org•added 2012/10/15 12:0 a.m.•11 views

ecshop 2.7.2 flow.php sql注入漏洞

No description provided by source...

seebug.org•added 2011/10/09 12:0 a.m.•14 views

ECShop 2.7.2 红包注入漏洞

简要描述： flow.php页面看似intval的红包ID，其实可以注入。以下文章仅从代码推测，并未进行测试，不过这太明显了，就不测试了，各位看官测试失败请跟帖骂娘，死亡节奏技术小组、恶灵战队路过。详细说明： /flow.php 1168行开始 $bonus = bonusinfointval$GET'bonus'; if !empty$bonus && $bonus'userid' == $SESSION'userid' || $GET'bonus' == 0 $order'bonusid' = $GET'bonus'; else $order'bonusid' = 0;...