Lucene search
+L

43 matches found

prion
prion
added 2024/02/14 3:15 p.m.17 views

Sql injection

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...

8.6AI score0.00628EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/02/14 12:0 a.m.8 views

PT-2024-20834 · Unknown · Simple Admin Panel

Name of the Vulnerable Software and Affected Versions: Simple Admin Panel App version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderID parameter at the "/adminView/viewEachOrder.php" API endpoint. Recommendations: For Simp...

9.8CVSS6.9AI score0.00628EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2024/02/14 12:0 a.m.6 views

CVE-2024-25223

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...

9.9AI score0.00628EPSS
Exploits1References1
cvelist
cvelist
added 2024/02/14 12:0 a.m.33 views

CVE-2024-25223

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...

8.1AI score0.00628EPSS
Exploits1References1
cnvd
cnvd
added 2022/11/24 12:0 a.m.48 views

Billing System Project fetchOrderData.php SQL Injection Vulnerability

Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...

9.8CVSS9.6AI score0.00871EPSS
Exploits0References1
nvd
nvd
added 2022/11/22 6:15 p.m.20 views

CVE-2022-43212

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...

9.8CVSS0.00871EPSS
Exploits0References2
nvd
nvd
added 2022/11/22 1:15 a.m.35 views

CVE-2022-43214

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...

9.8CVSS0.0089EPSS
Exploits0References2
osv
osv
added 2022/11/22 1:15 a.m.6 views

CVE-2022-43214

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...

9.8CVSS5.8AI score0.0089EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2022/11/22 12:0 a.m.3 views

CVE-2022-43212

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...

9.8AI score0.00871EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/11/22 12:0 a.m.6 views

PT-2022-26795 · Unknown · Billing System Project

Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderId parameter at the "printOrder.php" endpoint. Recommendations: For Billing System Project...

9.8CVSS8.1AI score0.0089EPSS
Exploits0References6
cvelist
cvelist
added 2022/11/22 12:0 a.m.28 views

CVE-2022-43212

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...

10AI score0.00871EPSS
Exploits0References2
cvelist
cvelist
added 2022/11/22 12:0 a.m.32 views

CVE-2022-43214

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...

10AI score0.0089EPSS
Exploits0References2
cnvd
cnvd
added 2022/03/30 12:0 a.m.38 views

WordPress Bank Mellat plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Bank Mellat plugin 1.3.7 and earlier versions have a cross-site scripting vulnerability that stems from a failure to clean a...

6.1CVSS1.1AI score0.00788EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/03/28 6:15 p.m.5 views

CVE-2022-0643

The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00788EPSS
Exploits2References2
wpvulndb
wpvulndb
added 2022/03/01 12:0 a.m.28 views

Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=bank-mellat="...

6.1CVSS0.3AI score0.00788EPSS
Exploits2Affected Software1
prion
prion
added 2009/12/04 7:30 p.m.10 views

Sql injection

SQL injection vulnerability in myorders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action...

6.5CVSS8.6AI score0.00886EPSS
Exploits0References3
cvelist
cvelist
added 2009/12/04 7:0 p.m.16 views

CVE-2009-4198

SQL injection vulnerability in myorders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action...

7.9AI score0.00886EPSS
Exploits0References3
prion
prion
added 2007/06/11 10:30 p.m.13 views

Information disclosure

Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...

5CVSS6.8AI score0.01205EPSS
Exploits0References3
nvd
nvd
added 2007/06/11 10:30 p.m.11 views

CVE-2007-3173

Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...

5CVSS6.2AI score0.01205EPSS
Exploits0References3
prion
prion
added 2006/04/26 8:6 p.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the OrderID parameter in a shipping.cfm and b checkout.cfm, 2 ItemID parameter in c proddetail.cfm, 3 SubCatID parameter in d index.cfm, the 4 CategoryID parameter ...

6.4CVSS8.9AI score0.01642EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder