14 matches found
EUVD-2025-11283
Malicious code in bioql PyPI...
CVE-2024-58248
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards...
CVE-2024-58248
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards...
CVE-2024-58248
CVE-2024-58248 affects nopCommerce prior to 4.80.0 (public notes reference up to 4.90.1) where order placement lacks locking, enabling a race condition that can allow duplicate gift card redemption. Public advisories (NVD/Red Hat/OSV/Snyk) confirm the issue and cite a remediation to upgrade to ve...
PT-2025-16623
Name of the Vulnerable Software and Affected Versions: nopCommerce versions prior to 4.80.0. Description: The issue is related to a race condition that allows for the duplicate redeeming of gift cards due to the lack of locking for order placement. Recommendations: For versions prior to 4.80.0, updat...
CVE-2024-58248
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards...
nopCommerce Security Vulnerability
nopCommerce is an open source, general purpose e-commerce platform from nopCommerce, Inc. A security vulnerability exists in nopCommerce versions prior to 4.80.0 that stems from a lack of locking mechanism for order placement, which could lead to double redemption of gift cards...
CVE-2024-58248
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards...
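XDcms Food-Ordering Website System, Single-Store Edition: Injection (demo test)
Brief description: As per the title. Details: Black-box test of the demo. First register a user, then edit the user profile at http://dd.xdcms.cn/index.php?m=member&f=edit. After the edit is saved, place a food order. An error was then returned. Second-order injection. Because the demo is protected by SafeDog, I did not test any further. Proof of vulnerability:...
ecshop XSS Cross-Site Scripting Vulnerability, Straight into the Admin Backend, You Know What I Mean!
Brief description: As the title says... Details: The affected versions have not yet been confirmed one by one! In some versions, after you insert the value, a file validates what you inserted, and XSS does not work against those versions! The other versions can pretty much all be hit! It exists in the ecshop order placement page! Fill in the order details thoroughly, because one version requires the order to be printed before the XSS triggers! You only need to enter your XSS code in the "nearby landmark" input box on the order form! Then write it in the remarks field as well, and submit the order directly! Of the versions tested so far, in some the XSS triggers as soon as the order is opened, and one requires printing the order before it triggers! Proof of vulnerability:...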
Pre Multi-Vendor Shopping Malls SQL Injection
Title: Multi-Vendor Shopping Malls SQL Injection Vulnerability. Author: RoAdKiLlEr. Contact: RoAdKiLlEratKhg-CrewdotWs. Tested on: Win Xp Sp 2/3...
Sunbyte eFlower Script SQL Injection Vulnerability
Exploit for php platform in category web applications. Sunbyte eFlower Script SQL Injection Vulnerability...
Sunbyte e-Flower SQL Injection & Xss Vulnerability
Exploit for php platform in category web applications. Sunbyte e-Flower SQL Injection & Xss Vulnerability...
ezWaiter v3.0 - XSS
ezWaiter v3.0. Homepage: http://www.ezwaiter.com/ Affected files: Placing an order, login.php. XSS vuln when placing an order: User input is not sanitized before being generated. For a PoC in the two boxes labeled "Who is this item for?" and "Special...