4 matches found
PT-2026-2300
Name of the Vulnerable Software and Affected Versions: xmall version 1.1 Description: An issue exists in xmall version 1.1 related to access control. Specifically, the /member/orderList API endpoint allows unauthorized access to other users' order details. This is achieved by manipulating the userI...
CVE-2023-1165
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to SQL injection. The exploit has been disclosed to the public and may be used...
PT-2023-16793 · Zhong Bang · Zhong Bang Crmeb Java
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB Java version 1.3.4 Description: A critical issue has been found, affecting the /api/admin/system/store/order/list endpoint. The manipulation of the keywords argument leads to SQL injection. The exploit has been disclosed to t...
SQL Injection Vulnerability in Hotel Online Direct Marketing Platform of Guangzhou Askway Information Technology Co. Ltd.
Hotel Online Direct Marketing Platform of Guangzhou Askway Information Technology Co. Ltd. is a set of hotel online direct marketing technology and operation service systems, focusing on building their own online direct marketing platform and system for hotels, providing consulting, advisory, training and other services to help hotels to improve the operation and revenue capacity...