87 matches found
CVE-2025-9835
CVE-2025-9835 affects macrozheng mall up to version 1.0.3. The vulnerability resides in the cancelOrder function in /order/cancelUserOrder; manipulating the orderId parameter bypasses authorization, enabling a remote attack. Public disclosures/PoC appear in the connected sources, with CVSS estima...
CVE-2025-9835 macrozheng mall cancelUserOrder cancelOrder authorization
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
mall 安全漏洞
mall is an e-commerce system for macro individual developers, including the front-end mall system and back-end management system. A security vulnerability exists in mall 1.0.3 and earlier versions, which stems from an authorization bypass due to incorrect operation of the parameter orderId in the...
CVE-2025-8755
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
CVE-2025-8755
CVE-2025-8755 affects macrozheng mall up to 1.0.3, specifically the UmsMemberController.detail(orderId) function. Root cause is an authorization bypass caused by manipulation of the orderId parameter, enabling remote access without proper rights. Several connected sources (e.g., PT-2025-32440) de...
CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
mall 安全漏洞
mall is an e-commerce system for macro individual developers, including the front-end mall system and back-end management system. A security vulnerability exists in mall 1.0.3 and earlier versions, which stems from improper handling of the parameter orderId in the file UmsMemberController.java,...
Code-Projects Inventory Management System 注入漏洞
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of the orderId parameter in the file /phpaction/editPayment.php. No details of the vulnerability are available at this time...
CVE-2022-43214
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...
PT-2025-7125 · Unknown · Phpgurukul Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.1 Description: A SQL Injection issue was found in the /shopping/track-orders.php file, allowing remote attackers to execute arbitrary code via the orderid POST request parameter. Recommendations: Fo...
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...
CVE-2025-26156
CVE-2025-26156 affects PHPGurukul Online Shopping Portal v2.1, with a SQL Injection in /shopping/track-orders.php exploited via the orderid POST parameter. The vulnerability can allow remote code execution and has a CVSS v3.1 base score of 8.8 (HIGH) with network access, low attack complexity, an...
CVE-2024-25223
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...
Sql injection
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...
PT-2024-20834 · Unknown · Simple Admin Panel
Name of the Vulnerable Software and Affected Versions: Simple Admin Panel App version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderID parameter at the "/adminView/viewEachOrder.php" API endpoint. Recommendations: For Simp...
CVE-2024-25223
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...