27 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-52953

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.00259
Exploits 0, References 1

EUVD
added 2025/10/03 8:07 p.m., 0 views

EUVD-2025-31736

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00038
Exploits 1, References 3

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-37722

Malicious code in bioql PyPI...

CVSS 6.3, AI score 5.7, EPSS 0.00232
Exploits 0, References 1

RedhatCVE
added 2025/10/01 12:42 a.m., 4 views

CVE-2025-52050

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter...

CVSS 6.5, AI score 7.3, EPSS 0.00038
Exploits 1, References 1

OSV
added 2025/09/30 2:15 p.m., 1 view

CVE-2025-52050

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter...

CVSS 6.5, AI score 7.3
Exploits 0, References 2

NVD
added 2025/09/30 2:15 p.m., 1 view

CVE-2025-52050

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter...

CVSS 6.5, EPSS 0.00038
Exploits 1, References 2

Positive Technologies
added 2025/09/30 12:00 a.m., 1 view

PT-2025-39992

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5. Description: The get_loyalty_program_details_with_points function located at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is susceptible to SQL Injection. An attacker can inject a SQL query into the...

CVSS 6.5, AI score 7.3, EPSS 0.00038
Exploits 1, References 7

Vulnrichment
added 2025/09/30 12:00 a.m., 1 view

CVE-2025-52050

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter...

AI score 6.9, EPSS 0.00038
Exploits 1, References 2

Cvelist
added 2025/09/30 12:00 a.m., 4 views

CVE-2025-52050

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter...

EPSS 0.00038
Exploits 1, References 2

CVE
added 2025/09/30 12:00 a.m., 8 views

CVE-2025-52050

CVE-2025-52050 affects Frappe ERPNext 15.57.5. The vulnerability is in function get_loyalty_program_details_with_points() (loyalty_program.py) and is caused by SQL injection via the expiry_date parameter, allowing an attacker to extract all information from databases. The connected documents prov...

CVSS 6.5, AI score 6.9, EPSS 0.00038
Exploits 1, References 2, Affected Software 1

OSV
added 2025/08/28 7:16 a.m., 1 view

MAL-2025-41498 Malicious code in @twork-data-services/loyalty-program-names (npm)

AI score 7
Exploits 0

Prion
added 2024/01/16 9:15 p.m., 14 views

Code injection

An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status...

CVSS 5, AI score 7.3, EPSS 0.00259
Exploits 0, References 1, Affected Software 1

Cvelist
added 2024/01/16 12:00 a.m., 11 views

CVE-2023-48926

An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status...

AI score 5.7, EPSS 0.00259
Exploits 0, References 1

CVE
added 2024/01/16 12:00 a.m., 42 views

CVE-2023-48926

CVE-2023-48926 affects the PrestaShop extension: 202 ecommerce Advanced Loyalty Program, Loyalty Points before v2.3.4. The vulnerability allows unauthenticated attackers to arbitrarily change an order status. Documents cite a CVSS v3.1 base score of 5.3 (Medium) with impact limited to integrity. ...

CVSS 5.3, AI score 5.4, EPSS 0.00259
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/01/16 12:00 a.m., 2 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program offers multiple payment methods, SMS alerts and product image zoom. A security vulnerability exists in PrestaShop Advanced Loyalty Program: Loyalty Points prior to v2.3.4, which originated fro...

CVSS 5.3, AI score 6.8, EPSS 0.00259
Exploits 0, References 2

OSV
added 2022/08/22 3:15 p.m., 0 views

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

CVSS 5.3, AI score 5.8, EPSS 0.00232
Exploits 0, References 1

NVD
added 2022/08/22 3:15 p.m., 13 views

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

CVSS 6.3, EPSS 0.00232
Exploits 0, References 1

Cvelist
added 2022/08/22 2:41 p.m., 20 views

CVE-2022-34774 Tabit - Arbitrary account modification

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

CVSS 6.3, AI score 6.5, EPSS 0.00232
Exploits 0, References 1

Krebs on Security
added 2021/09/02 4:40 p.m., 33 views

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Some of the most successful and lucrative online scams employ a "low-and-slow" approach -- avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here's the story of a cybercrime group that compromis...

AI score 6.8
Exploits 0

Hacker One
added 2021/03/26 9:53 p.m., 25 views

Uber: IDOR leads to See analytics of Loyalty Program in any restaurant.

Improper authorization allowed for disclosure of any restaurant's analytics of the Loyalty Program on 3 endpoints...

AI score 2.6
Exploits 0