21 matches found

EUVD
added 2026/03/31 12:31 a.m. | 0 views

EUVD-2026-17253

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | AI score 4.3 | EPSS 0.00013
Exploits: 0 | References: 6

NVD
added 2026/03/31 12:16 a.m. | 1 views

CVE-2026-5157

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | EPSS 0.00013
Exploits: 0 | References: 5

Cvelist
added 2026/03/30 11:30 p.m. | 23 views

CVE-2026-5157 code-projects Online Food Ordering System Order order.php cross site scripting

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | EPSS 0.00013
Exploits: 0 | References: 5

ATTACKERKB
added 2026/03/30 11:30 p.m. | 1 views

CVE-2026-5157

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | AI score 4.3 | EPSS 0.00013
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/03/30 11:30 p.m. | 1 views

CVE-2026-5157

CVE-2026-5157 affects code-projects Online Food Ordering System 1.0, specifically the Order Module’s /form/order.php. The vulnerability arises from manipulating the cust_id argument, enabling cross-site scripting (XSS). Exploitation can be performed remotely, and a public exploit is available. Do...

CVSS 5.3 | AI score 4.3 | EPSS 0.00013
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/30 12:0 a.m. | 0 views

PT-2026-29144

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust id leads to cross site scripting. The attack may be performed from remote. The exploit...

CVSS 5.3 | AI score 4.3 | EPSS 0.00013
Exploits: 0 | References: 6

NVD
added 2026/02/01 1:15 p.m. | 2 views

CVE-2021-47909

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVSS 8.6 | EPSS 0.00063
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/01 12:15 p.m. | 2 views

CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVSS 8.6 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 4

Cvelist
added 2026/02/01 12:15 p.m. | 29 views

CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVSS 8.6 | EPSS 0.00063
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/01 12:15 p.m. | 2 views

CVE-2021-47909

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVSS 8.6 | AI score 6.1 | EPSS 0.00063
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/02/01 12:15 p.m. | 6 views

CVE-2021-47909

CVE-2021-47909 concerns Mult-E-Cart Ultimate 2.4, with multiple SQL injection flaws in the inventory, customer, vendor, and order modules. The underlying issue is injectable SQL via the vulnerable id parameter, which remote attackers with vendor/admin privileges could exploit to run arbitrary SQL...

CVSS 8.6 | AI score 6.1 | EPSS 0.00063
Exploits: 0 | References: 4

CNNVD
added 2026/02/01 12:0 a.m. | 2 views

Mult-E-Cart Ultimate SQL injection vulnerability

Mult-E-Cart Ultimate is an e-commerce platform script developed by the Indian company Mult-E-Cart. Version 2.4 of Mult-E-Cart Ultimate contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection vulnerabilities present in the inventory, customer, supplier, and ord...

CVSS 8.6 | AI score 6 | EPSS 0.00063
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/01 12:0 a.m. | 3 views

PT-2026-5555

Name of the Vulnerable Software and Affected Versions Mult-E-Cart Ultimate version 2.4 Description The software contains multiple SQL injection flaws within the inventory, customer, vendor, and order modules. Attackers with vendor or administrator privileges can exploit the id parameter to execut...

CVSS 8.6 | AI score 5.7 | EPSS 0.00063
Exploits: 0 | References: 9

Cvelist
added 2025/11/09 8:2 p.m. | 5 views

CVE-2025-12919 EverShop Order Order.resolvers.js resource injection

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 | EPSS 0.00052
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 3:42 a.m. | 4 views

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

CVSS 7.5 | AI score 6.9 | EPSS 0.00109
Exploits: 0 | References: 1

OSV
added 2023/07/06 8:15 p.m. | 0 views

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

CVSS 7.5 | AI score 5.7 | EPSS 0.00109
Exploits: 0 | References: 1

Vulnrichment
added 2023/07/06 12:0 a.m. | 10 views

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

CVSS 7.5 | AI score 6.9 | EPSS 0.00109
Exploits: 0 | References: 1

CNNVD
added 2023/07/06 12:0 a.m. | 2 views

PrestaShop security vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Fast Access to Order Details 1.1.20 and earlier version...

CVSS 7.5 | AI score 7.3 | EPSS 0.00109
Exploits: 0 | References: 2

exploitpack
added 2018/11/13 12:0 a.m. | 18 views

Webiness Inventory 2.3 - order SQL Injection

Webiness Inventory 2.3 - order SQL Injection Exploit Title: Webiness Inventory 2.3 - SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://github.com/webiness/webinessinventory Software Link:...

AI score 8.6
Exploits: 0

OSV
added 2017/10/16 4:29 a.m. | 2 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

CVSS 6.1 | AI score 5.2 | EPSS 0.03459
Exploits: 7 | References: 2