8 matches found
EUVD-2023-55932
Malicious code in bioql PyPI...
CVE-2023-51210
SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the idproduct parameters in the UpdateProductQuantity function...
Webkul Bundle SQL Injection Vulnerability
Webkul Bundle is an add-on for the Marketplace module from Webkul, Inc. A SQL injection vulnerability in Webkul Bundle version 6.0.1 allows remote attackers to execute arbitrary code via the idproduct parameter in the UpdateProductQuantity function...
CVE-2023-30154
Multiple improper neutralization of SQL parameters in module AfterMail aftermailpresta for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via idcustomer, idconf, idproduct and token parameters in aftermailajax.php via the 'idproduct' parameter in hooks...
beaba.com XSS vulnerability
Vulnerable URL: https://www.beaba.com/catalogue/module/commerceconnectorproduct/findstores?idproduct=287ean==undefined=xss%22%3E%3Csvg/onload=prompt%22openbugbounty%22%3E Details: Patched: No; Latest check for patch: 12.01.2018; Vulnerability type: XSS Vulnerability...
Prestashop Cartium 1.3.3 - 0.246s SQL Injection
Vulnerable software and vendor: Prestashop, version: 1.3.3 - 0.246s. SQL injection vulnerabilities, by vulnerable file and vulnerable field: category.php (idcategory); cart.php (idproduct); product.php (idproduct). Vulnerability details: just inject ' and you get SQL error...
Sql injection
Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) idproduct, (2) idmanufacturer, and (3) idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...
CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) idproduct, (2) idmanufacturer, and (3) idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...