17 matches found
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
EUVD-2025-201277
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter...
CVE-2025-66572
Loaded Commerce 6.6 is affected by a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter . The root cause is CSTI in the template handling, enabling remote code execution. Public documentation notes there is cur...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
PT-2025-49140
Name of the Vulnerable Software and Affected Versions Loaded Commerce version 6.6 Description Loaded Commerce version 6.6 has a client-side template injection issue. This allows unauthenticated attackers to execute code on the server through the search parameter. The issue allows for code...
Loaded Commerce 操作系统命令注入漏洞
Loaded Commerce is an open source e-commerce platform from Loaded Commerce, Inc. An operating system command injection vulnerability exists in Loaded Commerce version 6.6, which stems from a client-side template injection vulnerability that could lead to code execution on the server via search...
EUVD-2014-5038
Malware in sbrugna...
Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)
Exploit Title: Loaded Commerce 6.6 Client-Side Template InjectionCSTI Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on: https://www.softaculous.com/apps/ecommerce/LoadedCommerce Injecting 77 into the search parameter...
Loaded Commerce 6.6 Client-Side Template Injection
Loaded Commerce version 6.6 suffers from a client-side template injection vulnerability. Exploit Title: Loaded Commerce 6.6 Client-Side Template InjectionCSTI AngularJS Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on:...
CVE-2014-5140
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : colon characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book...
Sql injection
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : colon characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book...
CVE-2014-5140
CVE-2014-5140 affects Loaded Commerce 7. The vulnerability is in the bindReplace function of the query factory (includes/classes/database.php), which does not properly handle colon characters. This enables SQL injection via the First name and Last name fields in the address book when used by remo...
CVE-2014-5140
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : colon characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book...
LoadedCommerce7 - Systemic Query Factory
Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor notified - 29 July 2014 Vendor...