22 matches found

Positive Technologies
added 2026/04/28 12:0 a.m. · 2 views

PT-2026-35710

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save order of the file /admin/ajax.php?action=save order. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit is now public...

6.5 CVSS · 6.4 AI score · 0.00036 EPSS
Exploits 0 · References 6

Positive Technologies
added 2026/04/28 12:0 a.m. · 2 views

PT-2026-35822

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save order of the file /admin/ajax.php?action=save order. Performing a manipulation of the argument first name results in cross-site scripting. Remote exploitation of the attack is possible. The...

4.8 CVSS · 3.5 AI score · 0.00035 EPSS
Exploits 0 · References 6

RedhatCVE
added 2025/12/26 7:2 p.m. · 5 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

3.1 CVSS · 6.5 AI score · 0.00043 EPSS
Exploits 1 · References 1

NVD
added 2025/12/25 7:15 p.m. · 2 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

3.1 CVSS · 0.00043 EPSS
Exploits 1 · References 4

Positive Technologies
added 2025/11/25 12:0 a.m. · 2 views

PT-2025-48079

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

4.3 CVSS · 6.4 AI score · 0.00039 EPSS
Exploits 1 · References 3

Cvelist
added 2025/11/25 12:0 a.m. · 4 views

CVE-2025-65647

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

0.00039 EPSS
Exploits 1 · References 2

Vulnrichment
added 2025/11/25 12:0 a.m. · 1 views

CVE-2025-65647

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

6 AI score · 0.00039 EPSS
Exploits 1 · References 2

NVD
added 2025/11/13 3:15 p.m. · 2 views

CVE-2025-13117

A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...

5.5 CVSS · 0.00044 EPSS
Exploits 1 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-26465

Malicious code in bioql PyPI...

5.3 CVSS · 4.9 AI score · 0.00068 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-24088

Malicious code in bioql PyPI...

5.3 CVSS · 4.9 AI score · 0.00051 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/09/02 9:32 p.m. · 3 views

CVE-2025-9835 macrozheng mall cancelUserOrder cancelOrder authorization

A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

5.3 CVSS · 6.6 AI score · 0.00068 EPSS
Exploits 1 · References 5

Vulnrichment
added 2025/08/29 10:54 a.m. · 3 views

CVE-2024-13342 Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addfilestoorder' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double...

8.1 CVSS · 7.2 AI score · 0.00604 EPSS
Exploits 0 · References 3

NVD
added 2025/08/10 12:15 p.m. · 3 views

CVE-2025-8808

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to CSV injection. The attack may be initiated...

5.3 CVSS · 0.00051 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 3:3 a.m. · 2 views

CVE-2023-1986

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function deleteorder of the file /classes/master.php?f=deleteorder. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack...

7.2 CVSS · 7.9 AI score · 0.00359 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/09/07 12:0 a.m. · 2 views

PT-2024-37313 · WordPress · Cost Calculator Builder

Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder PRO plugin for WordPress versions up to, and including, 3.2.1 Description: The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation. This issue arises because the plugin allows the price...

5.3 CVSS · 7.2 AI score · 0.00353 EPSS
Exploits 0 · References 12

Positive Technologies
added 2023/04/11 12:0 a.m. · 3 views

PT-2023-17393 · Sourcecodester · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue was found in the function delete order of the file /classes/master.php?f=delete order. The manipulation of the argument id leads to SQL injection. It is...

7.2 CVSS · 6.9 AI score · 0.00359 EPSS
Exploits 1 · References 6

CNNVD
added 2023/03/02 12:0 a.m. · 2 views

Accruent LLC Maintenance Connection SQL Injection Vulnerability

Accruent LLC Maintenance Connection is a comprehensive work order management, preventive maintenance program and parts inventory solution. A security vulnerability exists in Accruent LLC Maintenance Connection versions 2021 and 2022.2, which stems from an SQL injection during emailing to the work...

9.8 CVSS · 8.6 AI score · 0.0025 EPSS
Exploits 0 · References 3

NVD
added 2020/09/25 4:15 p.m. · 9 views

CVE-2020-19455

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/comjdownloads/helpers/categories.php, order function via the filterorder parameter...

7.5 CVSS · 0.00264 EPSS
Exploits 0 · References 1

Cvelist
added 2020/09/25 3:17 p.m. · 12 views

CVE-2020-19455

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/comjdownloads/helpers/categories.php, order function via the filterorder parameter...

8 AI score · 0.00264 EPSS
Exploits 0 · References 1

CNVD
added 2018/01/04 12:0 a.m. · 2 views

Zend Framework 'Zend_Db_Select::order()' function SQL Injection Vulnerability

Zend Framework (ZF) is an open source PHP5 development framework developed by the US company Zend, mainly used for developing Web programs and services. A SQL injection vulnerability exists in versions of Zend Framework prior to 1.12.7, which stems from the program's...

9.8 CVSS · 7.8 AI score · 0.03436 EPSS
Exploits 0 · References 1