19 matches found
EUVD-2006-0245
Malware in sbrugna...
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
SQL injection
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
CVE-2021-24402
The CVE-2021-24402 refers to the WordPress WP iCommerce plugin (versions up to 1.1.1). The Orders feature exposes an order_id parameter that is not sanitised, escaped or validated before being inserted into an SQL statement, enabling SQL injection. The vulnerability requires at least authenticate...
CVE-2021-24402 WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WP iCommerce WordPress plugin 1.1.1 and earlier versions,...
WordPress WP iCommerce plugin <= 1.1.1 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali in WordPress WP iCommerce plugin versions <= 1.1.1. Solution: This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection
The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors GET...
WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection
The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors PoC GET...
GTP iCommerce Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16255/info GTP iCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the...
CVE-2006-0237
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-0237
CVE-2006-0237 concerns a cross-site scripting (XSS) vulnerability in index.php of GTP iCommerce. The flaw allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters due to inadequate input handling. They can influence the content rendered in a victim’...
CVE-2006-0237
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
GTP iCommerce - Multiple Cross-Site Scripting Vulnerabilities
GTP iCommerce - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/16255/info GTP iCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspectin...
GTP iCommerce - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/16255/info GTP iCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitat...
[SA18470] GTP iCommerce Cross-Site Scripting Vulnerabilities
TITLE: GTP iCommerce Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA18470 VERIFY ADVISORY: http://secunia.com/advisories/18470/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: GTP iCommerce http://secunia.com/product/6831/ DESCRIPTION: Preddy has...