31 matches found
Command execution vulnerability in Mallbuilder sy***_co***.php file
MallBuilder is a PHP + MYSQL based multi-user online shopping mall solution , using MallBuilder can quickly build a powerful similar to the Jingdong Mall , Tmall , 1 store mall online shopping mall , or enterprise , industry , localization and vertical multi-user mall . A command execution...
Command execution vulnerability in Mallbuilder mo***_tr***.php file
MallBuilder is a PHP + MYSQL based multi-user online shopping mall solution , using MallBuilder can quickly build a powerful similar to the Jingdong Mall , Tmall , 1 store mall online shopping mall , or enterprise , industry , localization and vertical multi-user mall . A command execution...
Logical design flaws in mallbuilder e-commerce system
MallBuilder is a multi-user online shopping mall solution based on PHP + MYSQL. A logical design vulnerability exists in the mallbuilder e-commerce system. An attacker can exploit this vulnerability to modify database information...
SQL Injection Vulnerability in MallBuilder
MallBuilder is a multi-user online shopping mall solution based on PHP+MYSQL. MallBuilder suffers from a SQL injection vulnerability. An attacker can use this vulnerability to steal database information and control the operating system...
Design Flaw Vulnerability in MallBuilder Mall Page CAPTCHA of Farfound Group
MallBuilder is a multi-user online shopping mall solution based on PHP + MYSQL. A design flaw vulnerability exists in the Farfound Group MallBuilder mall page authentication code. Allows attackers to bypass the page verification code for brute force cracking...
MallBuilder mall has xss vulnerability
MallBuilder a multi-user online shopping mall solution based on PHP + MYSQL . MallBuilder Mall has an xss vulnerability that allows attackers to exploit vulnerabilities to modify sensitive information...
SQL injection vulnerability in mallbuilder frontend cate_show_ajax.php page
MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. A SQL injection vulnerability exists in the mallbuilder v7.3.4 frontend cateshowajax.php page due to a lack of filtering of the '$catid' parameter, which allows an attacker to exploit the vulnerability to obtain...
SQL injection vulnerability in mallbuilder frontend plugin_product_class.php page
MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. A SQL injection vulnerability exists in the pluginproductclass.php page in the frontend of mallbuilder, which allows attackers to exploit the vulnerability to obtain sensitive information from the database...
SQL injection vulnerability in getip function of mallbuilder foreground convertip.php file
MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. The mallbuilder front-end getip function suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Cookie injection vulnerability in mallbuilder frontend v7.3.4 home.php file
MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. mallbuilder v7.3.4 has a SQL injection vulnerability in the foreground home.php, which allows attackers to obtain sensitive database information using common SQL injection tools...
SQL injection vulnerability in mallbuilder background admin/index.php page
MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. A SQL injection vulnerability exists in the admin/index.php page of the mallbuilder backend, which allows attackers to exploit the vulnerability to obtain sensitive database information...
SQL injection vulnerability in mallbuilder frontend admin/index.php page
MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. A SQL injection vulnerability exists in the admin/index.php page of mallbuilder, which allows attackers to obtain sensitive database information using common SQL injection tools...
mallbuilder foreground arbitrary file deletion vulnerability
MallBuilder is a multi-user online shopping mall solution based on PHP + MYSQL. An arbitrary file deletion vulnerability exists in the frontend of mallbuilder. Due to lib/smarty/movepic.php in the $GET'pname' external incoming parameters are not filtered, as a controllable parameter, when type =...
mallbuilder多用户商城 /module/product/admin/product.php 参数oid SQL注入漏洞
0x01漏洞简介 mallbuilder多用户商城系统在页面/module/product/admin/product.php处的参数oid 存在SQL注入漏洞。远程攻击者无需登陆,可以结合回显报错等方式,利用该漏洞执行SQL指令。 0x02漏洞详情 看到module/product/admin/product.php setorderstatu$GET'oid',6; $sqld="select from ".ORDER." where orderid=".$GET'oid'; 然后构造...
MallBuilder v5.8 smarty_config.php 参数key SQL注入漏洞
No description provided by source...
MallBuilder \admin\district.php id参数 SQL注入
No description provided by source...
MallBuilder \message\admin_message_list_delbox.php deid参数等两处SQL注入
No description provided by source...
MallBuilder payment\admin\bank_account_mod id参数 SQL注入
No description provided by source...
MallBuilder /cate_show_ajax.php catid参数 SQL注入
No description provided by source...
MallBuilder /pay/api/member.php userid参数 SQL注入
No description provided by source...