CVE-2017-17614

CVE-2017-17614 refers to a SQL Injection in Food Order Script 1.0, exploitable via the /list city parameter. Multiple sources (CNVD, CVE records, CIRCL) confirm the injection and public exploits exist (e.g., Exploit-DB). CVSS metrics indicate a high/critical impact with network access and no auth...

CVE-2017-17614

Food Order Script 1.0 has SQL Injection via the /list city parameter...

Food Order Script 1.0 SQL Injection

Exploit Title: Food Order Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/food-order-script-2/ Demo: http://ordermanagementscript.com/demo/food-order/ Version: 1.0 Category: Webapps Tested...

Food Order Script 1.0 - list?city SQL Injection

Food Order Script 1.0 - list?city SQL Injection Exploit Title: Food Order Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/food-order-script-2/ Demo:...

CVE-2007-6646

Multiple cross-site scripting XSS vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via 1 the return parameter to user/remindPassword, 2 the q parameter to the category script, 3 the return parameter to the...

CVE-2007-6646

Multiple cross-site scripting XSS vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via 1 the return parameter to user/remindPassword, 2 the q parameter to the category script, 3 the return parameter to the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via 1 the return parameter to user/remindPassword, 2 the q parameter to the category script, 3 the return parameter to the...