35 matches found
PT-2025-53664
Name of the Vulnerable Software and Affected Versions rawchen ecms affected versions not specified Description A cross site scripting issue exists in rawchen ecms. The updateProductServlet function within the src/servlet/product/updateProductServlet.java file, specifically related to the Add New...
GHSA-JQRP-58FV-W8CQ bagisto has CSV Formula Injection in Create New Product
Summary When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field e.g.,...
CVE-2025-62417 bagisto - CSV Formula Injection in Create New Product
Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This...
CVE-2025-62417
Bagisto (open-source Laravel eCommerce platform) is affected by CVE-2025-62417 due to improper handling of leading spreadsheet formula characters (e.g., =, +, -, @) in CSV data, allowing formulas to be interpreted when a CSV is opened in spreadsheet software. This leads to potential data exfiltra...
EUVD-2023-23465
Malicious code in bioql PyPI...
EUVD-2025-26471
Malicious code in bioql PyPI...
Mobile Shop Management System AddNewProduct.php file code problem vulnerability
Mobile Shop Management System is a store management system. Mobile Shop Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter ProductImage in the file AddNewProduct.php. An attacker can exploit this vulnerability to upload...
CVE-2025-9841
A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...
CVE-2025-9841
A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...
Mobile Shop Management System 代码问题漏洞
Mobile Shop Management System is a store management system. Mobile Shop Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter ProductImage in the file AddNewProduct.php. An attacker can exploit this vulnerability to upload...
CVE-2025-9841 code-projects Mobile Shop Management System AddNewProduct.php unrestricted upload
A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...
CVE-2025-9841 code-projects Mobile Shop Management System AddNewProduct.php unrestricted upload
A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...
CVE-2025-9841
The CVE-2025-9841 vulnerability affects code-projects Mobile Shop Management System 1.0, specifically AddNewProduct.php. It permits unrestricted upload by manipulating the ProductImage parameter, enabling remote exploitation. Multiple connected sources describe the issue consistently, citing that...
CVE-2023-1185
A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
Privilege escalation
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied th...
The vulnerability of the New Product Handler component in the ECShop e-commerce center system allows a hacker to upload arbitrary files.
The vulnerability of the New Product Handler component in the ECShop e-commerce center system is related to the ability to upload unlimited files of a dangerous type. Exploiting this vulnerability allows a remote attacker to upload any desired files...
CVE-2023-1185
A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
PT-2023-2087 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: ECshop versions up to 4.1.8 Description: A vulnerability was found in the New Product Handler component of ECshop, allowing for unrestricted file upload. This can be exploited remotely, potentially allowing an attacker to upload arbitrary...
Reflected Cross site scripting
Description When a user add new product with a supplier, supplier reference field is responsible to rxss Proof of Concept 1. Navigate to http://localhost/invoices/EditProducto?code=1&action=save-ok and goto supplier tab 2. Click on Add and in "Supplier reference" field add hey...
Cross-site Scripting (XSS) - Stored in boxbilling/boxbilling
Description Stored XSS at parameter 'iconurl' when Create New Product, New Category or New Addon Proof of Concept // PoC.req POST /BoxBilling/src/index.php?url=/api/admin/product/update HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101...