43 matches found
Sql injection
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...
PT-2024-20834 · Unknown · Simple Admin Panel
Name of the Vulnerable Software and Affected Versions: Simple Admin Panel App version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderID parameter at the "/adminView/viewEachOrder.php" API endpoint. Recommendations: For Simp...
CVE-2024-25223
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...
CVE-2024-25223
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...
Billing System Project fetchOrderData.php SQL Injection Vulnerability
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
CVE-2022-43214
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...
CVE-2022-43214
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
PT-2022-26795 · Unknown · Billing System Project
Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderId parameter at the "printOrder.php" endpoint. Recommendations: For Billing System Project...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
CVE-2022-43214
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...
WordPress Bank Mellat plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Bank Mellat plugin 1.3.7 and earlier versions have a cross-site scripting vulnerability that stems from a failure to clean a...
CVE-2022-0643
The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=bank-mellat="...
Sql injection
SQL injection vulnerability in myorders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action...
CVE-2009-4198
SQL injection vulnerability in myorders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action...
Information disclosure
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...
CVE-2007-3173
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...
Sql injection
Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the OrderID parameter in a shipping.cfm and b checkout.cfm, 2 ItemID parameter in c proddetail.cfm, 3 SubCatID parameter in d index.cfm, the 4 CategoryID parameter ...