9 matches found

RedhatCVE
added 2026/03/26 3:3 p.m., 0 views

CVE-2026-29174

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy clause without any validation or...

CVSS 8.8, AI score 6, EPSS 0.00015
Exploits 1, References 1
CVE
added 2026/03/10 7:55 p.m., 6 views

CVE-2026-29174

CVE-2026-29174: Craft Commerce (Craft CMS) is vulnerable to SQL injection in the inventory levels endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated into addOrderBy() without validation, allowing an authenticated attacker with access to the Commerce Inventory sec...

CVSS 8.8, AI score 6, EPSS 0.00015
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/03/10 7:55 p.m., 24 views

CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy clause without any validation or...

CVSS 8.7, EPSS 0.00015
Exploits 1, References 3
EUVD
added 2026/03/10 7:55 p.m., 0 views

EUVD-2026-10817

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy clause without any validation or...

CVSS 8.7, AI score 6, EPSS 0.00015
Exploits 1, References 3
ATTACKERKB
added 2026/03/10 7:55 p.m., 0 views

CVE-2026-29174

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy clause without any validation or...

CVSS 8.7, AI score 6, EPSS 0.00015
Exploits 1, References 4, Affected Software 1
OSV
added 2026/03/10 6:23 p.m., 1 views

GHSA-PMGJ-GMM4-JH6J Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting

Summary: Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy clause without any validation or sanitization. An authenticated attacker with access to the Commerce...

CVSS 8.7, AI score 6, EPSS 0.00015
Exploits 1, References 5
Positive Technologies
added 2026/03/10 12:0 a.m., 1 views

PT-2026-24416

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy clause without any validation or...

CVSS 8.7, AI score 6, EPSS 0.00015
Exploits 1, References 4
Positive Technologies
added 2026/03/10 12:0 a.m., 1 views

PT-2026-24633

Summary: Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy clause without any validation or sanitization. An authenticated attacker with access to the Commerce...

CVSS 8.7, AI score 6
Exploits 0, References 5
Imperva Blog
added 2021/06/01 2:14 p.m., 40 views

Infographic: How Are Bad Bots Hurting Your Business?

Bad bots are software applications which run automated tasks with malicious intent over the internet. They scrape data from sites without permission in order to reuse it and gain a competitive edge, e.g. pricing, inventory levels, proprietary content, etc. They are used for scalping, the act of...

AI score 0.1
Exploits 0