16 matches found
SQL Injection
org.linlinjava, litemall-wx-api is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the list function of WxGoodsController within the Front-end WeChat API, which allows a remote attacker to perform SQL injection attacks by manipulating craft...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation There is no fixed version for...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation There is no fixed version for...
EUVD-2020-13460
Malware in sbrugna...
EUVD-2025-32190
Malicious code in bioql PyPI...
CVE-2025-56162
YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw'fieldgoodsid, ...', allowing attackers to: a enumerate or modify database data, including dumping admin password...
PT-2025-40400
Name of the Vulnerable Software and Affected Versions YOSHOP version 2.0 Description The software is susceptible to an unauthenticated SQL injection through the goodsIds parameter of the /api/goods/listByIds API endpoint. The getListByIds function improperly concatenates user-supplied input into ...
CVE-2025-56162
YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw'fieldgoodsid, ...', allowing attackers to: a enumerate or modify database data, including dumping admin password...
CVE-2025-5569
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is...
CVE-2020-20675
Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/...
CVE-2020-20675
Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/...
CVE-2020-20675
Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/...
Nuishop SQL注入漏洞
Nuishop is an application software. An application shopping center system. Nuishop version 2.3 suffers from a SQL injection vulnerability that can be exploited by an attacker who can include "/goods/getGoodsListByConditions/" in...
pjtian.com XSS vulnerability
Open Bug Bounty ID: OBB-462242 Description| Value ---|--- Affected Website:| pjtian.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
tradeease.net XSS vulnerability
Open Bug Bounty ID: OBB-462077 Description| Value ---|--- Affected Website:| tradeease.net Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...
SQL Injection Vulnerability in DuoDuo Rebate System V8.3_UTF8 official version admin\mod\goods\list.act.php
DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuo rebate web system V8.3UTF8 official version admin\mod\goods\list.act.php SQL injection vulnerability. The vulnerability is due to the system failing to effectively...