Lucene search
K

35 matches found

Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.9 views

PT-2025-53664

Name of the Vulnerable Software and Affected Versions rawchen ecms affected versions not specified Description A cross site scripting issue exists in rawchen ecms. The updateProductServlet function within the src/servlet/product/updateProductServlet.java file, specifically related to the Add New...

4.8CVSS5.6AI score0.00206EPSS
Exploits0References9
OSV
OSV
added 2025/10/16 8:48 p.m.2 views

GHSA-JQRP-58FV-W8CQ bagisto has CSV Formula Injection in Create New Product

Summary When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field e.g.,...

9CVSS7.2AI score0.00357EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/16 6:32 p.m.2 views

CVE-2025-62417 bagisto - CSV Formula Injection in Create New Product

Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This...

8.5CVSS6.7AI score0.00357EPSS
Exploits1References1
CVE
CVE
added 2025/10/16 6:32 p.m.11 views

CVE-2025-62417

Bagisto (open-source Laravel eCommerce platform) is affected by CVE-2025-62417 due to improper handling of leading spreadsheet formula characters (e.g., =, +, -, @) in CSV data, allowing formulas to be interpreted when a CSV is opened in spreadsheet software. This leads to potential data exfiltra...

8.5CVSS6.7AI score0.00357EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-23465

Malicious code in bioql PyPI...

8.8CVSS5.5AI score0.00746EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-26471

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00299EPSS
Exploits1References5
CNVD
CNVD
added 2025/09/05 12:0 a.m.3 views

Mobile Shop Management System AddNewProduct.php file code problem vulnerability

Mobile Shop Management System is a store management system. Mobile Shop Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter ProductImage in the file AddNewProduct.php. An attacker can exploit this vulnerability to upload...

8.8CVSS7.2AI score0.00299EPSS
Exploits1References1
NVD
NVD
added 2025/09/03 12:15 a.m.3 views

CVE-2025-9841

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...

8.8CVSS0.00299EPSS
Exploits1References5
OSV
OSV
added 2025/09/03 12:15 a.m.4 views

CVE-2025-9841

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...

8.8CVSS5.5AI score0.00299EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.3 views

Mobile Shop Management System 代码问题漏洞

Mobile Shop Management System is a store management system. Mobile Shop Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter ProductImage in the file AddNewProduct.php. An attacker can exploit this vulnerability to upload...

8.8CVSS7.2AI score0.00299EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/09/02 11:32 p.m.5 views

CVE-2025-9841 code-projects Mobile Shop Management System AddNewProduct.php unrestricted upload

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...

6.5CVSS6.6AI score0.00299EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/02 11:32 p.m.8 views

CVE-2025-9841 code-projects Mobile Shop Management System AddNewProduct.php unrestricted upload

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...

6.5CVSS0.00299EPSS
Exploits1References5
CVE
CVE
added 2025/09/02 11:32 p.m.18 views

CVE-2025-9841

The CVE-2025-9841 vulnerability affects code-projects Mobile Shop Management System 1.0, specifically AddNewProduct.php. It permits unrestricted upload by manipulating the ProductImage parameter, enabling remote exploitation. Multiple connected sources describe the issue consistently, citing that...

8.8CVSS6.4AI score0.00299EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.4 views

CVE-2023-1185

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...

8.8CVSS7AI score0.00746EPSS
Exploits0References1
Prion
Prion
added 2023/06/15 8:15 a.m.16 views

Privilege escalation

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied th...

4.3CVSS7.8AI score0.00148EPSS
Exploits0References1Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.7 views

The vulnerability of the New Product Handler component in the ECShop e-commerce center system allows a hacker to upload arbitrary files.

The vulnerability of the New Product Handler component in the ECShop e-commerce center system is related to the ability to upload unlimited files of a dangerous type. Exploiting this vulnerability allows a remote attacker to upload any desired files...

10CVSS5.9AI score0.00746EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/06 8:15 a.m.3 views

CVE-2023-1185

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...

8.8CVSS5.2AI score0.00746EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/06 12:0 a.m.5 views

PT-2023-2087 · Ecshop · Ecshop

Name of the Vulnerable Software and Affected Versions: ECshop versions up to 4.1.8 Description: A vulnerability was found in the New Product Handler component of ECshop, allowing for unrestricted file upload. This can be exploited remotely, potentially allowing an attacker to upload arbitrary...

10CVSS7.3AI score0.00746EPSS
Exploits0References8
Huntr
Huntr
added 2022/05/09 10:37 a.m.9 views

Reflected Cross site scripting

Description When a user add new product with a supplier, supplier reference field is responsible to rxss Proof of Concept 1. Navigate to http://localhost/invoices/EditProducto?code=1&action=save-ok and goto supplier tab 2. Click on Add and in "Supplier reference" field add hey...

Exploits0
Huntr
Huntr
added 2021/10/19 12:35 p.m.15 views

Cross-site Scripting (XSS) - Stored in boxbilling/boxbilling

Description Stored XSS at parameter 'iconurl' when Create New Product, New Category or New Addon Proof of Concept // PoC.req POST /BoxBilling/src/index.php?url=/api/admin/product/update HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101...

0.1AI score
Exploits0References1
Rows per page
Query Builder