15 matches found
mall code injection vulnerability
mall is an e-commerce system by the individual developer macro, comprising a front-end mall system and a back-end management system. mall 1.0.3 and earlier versions have a code injection vulnerability. The vulnerability stems from improper handling of the File parameter of /minio/upload, and may...
mall code injection vulnerability
mall is an e-commerce system by the individual developer macro, comprising a front-end mall system and a back-end management system. mall 1.0.3 and earlier versions have a code injection vulnerability that stems from the configUrl parameter of /swagger-ui/index.html, leading to cross-site...
CVE-2022-4961
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The...
CVE-2020-23448
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed...
CVE-2025-4259 newbee-mall UploadController.java upload unrestricted upload
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched...
CVE-2025-4136
A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2025-4119 Weitong Mall Product Statistics queryTotal access control
A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. The attack can be...
CVE-2025-4119
CVE-2025-4119 affects Weitong Mall 1.0.0, specifically the Product Statistics Handler’s /queryTotal. The root cause is improper access control triggered by manipulating the isDelete parameter with the value 1, enabling remote execution. Multiple sources corroborate the vulnerability and indicate ...
PT-2025-18280 · Unknown · Weitong Mall
Name of the Vulnerable Software and Affected Versions: Weitong Mall version 1.0.0 Description: A critical issue was found in the Product Statistics Handler component, specifically affecting the /queryTotal file. The manipulation of the isDelete argument with the input 1 leads to improper access...
CVE-2025-3560 ghostxbh uzy-ssm-mall product cross site scripting
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument productname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2025-2087 StarSea99 starsea-mall update cross site scripting
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The explo...
CVE-2025-1114
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack...
CVE-2024-48445
An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters...
Sepcity Shopping Mall - SQL Injection
By Osmanizim Security Specialist Contacts : www.osmanizim.com Title: Shopping Mall http://localhost/shopmall/shpdetails.asp?ID=1 union select 0,1,2,username,password,5,6,7,8,9 from administrators // Admin -- http://localhost/shopmall/admlogin.asp? milw0rm.com 2008-12-29...
Pass to eat all the Mall-vulnerability warning-the black bar safety net
Tutorial content: Today to teach you a pass to kill the Mall method! of! Is actually change the idea of it!!!! Very simple!! To prepare a site Hunter. Pony. The Malaysian one!! We first go to open site Hunter! Search below this paragraph!! Keywords: To buy-cart-go to the cashier-confirm consignee...