Lucene search
+L

87 matches found

CVE
CVE
added 2025/09/02 9:32 p.m.24 views

CVE-2025-9835

CVE-2025-9835 affects macrozheng mall up to version 1.0.3. The vulnerability resides in the cancelOrder function in /order/cancelUserOrder; manipulating the orderId parameter bypasses authorization, enabling a remote attack. Public disclosures/PoC appear in the connected sources, with CVSS estima...

5.3CVSS6.6AI score0.00304EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/09/02 9:32 p.m.5 views

CVE-2025-9835 macrozheng mall cancelUserOrder cancelOrder authorization

A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

5.3CVSS5.5AI score0.00304EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.12 views

mall 安全漏洞

mall is an e-commerce system for macro individual developers, including the front-end mall system and back-end management system. A security vulnerability exists in mall 1.0.3 and earlier versions, which stems from an authorization bypass due to incorrect operation of the parameter orderId in the...

5.3CVSS4.9AI score0.00269EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/11 2:29 p.m.7 views

CVE-2025-8755

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...

6.9CVSS7AI score0.0053EPSS
Exploits1References1
CVE
CVE
added 2025/08/09 2:2 p.m.23 views

CVE-2025-8755

CVE-2025-8755 affects macrozheng mall up to 1.0.3, specifically the UmsMemberController.detail(orderId) function. Root cause is an authorization bypass caused by manipulation of the orderId parameter, enabling remote access without proper rights. Several connected sources (e.g., PT-2025-32440) de...

6.9CVSS7AI score0.0053EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/09 2:2 p.m.5 views

CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...

6.9CVSS7AI score0.0053EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/09 12:0 a.m.4 views

mall 安全漏洞

mall is an e-commerce system for macro individual developers, including the front-end mall system and back-end management system. A security vulnerability exists in mall 1.0.3 and earlier versions, which stems from improper handling of the parameter orderId in the file UmsMemberController.java,...

6.9CVSS5.5AI score0.0053EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.4 views

Code-Projects Inventory Management System 注入漏洞

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of the orderId parameter in the file /phpaction/editPayment.php. No details of the vulnerability are available at this time...

9.8CVSS8AI score0.00428EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 12:3 a.m.11 views

CVE-2022-43214

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...

9.8CVSS8.3AI score0.0089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:54 p.m.5 views

CVE-2022-43212

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...

9.8CVSS8.3AI score0.00871EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/16 12:26 a.m.8 views

CVE-2025-26156

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...

8.8CVSS8.8AI score0.0075EPSS
Exploits1References1
OSV
OSV
added 2025/02/14 5:15 p.m.4 views

CVE-2025-26156

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...

8.8CVSS6.2AI score0.0075EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/14 12:0 a.m.14 views

CVE-2025-26156

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...

0.0075EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.6 views

PT-2025-7125 · Unknown · Phpgurukul Online Shopping Portal

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.1 Description: A SQL Injection issue was found in the /shopping/track-orders.php file, allowing remote attackers to execute arbitrary code via the orderid POST request parameter. Recommendations: Fo...

8.8CVSS8.1AI score0.0075EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/02/14 12:0 a.m.9 views

CVE-2025-26156

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...

9.2AI score0.0075EPSS
Exploits1References1
CVE
CVE
added 2025/02/14 12:0 a.m.82 views

CVE-2025-26156

CVE-2025-26156 affects PHPGurukul Online Shopping Portal v2.1, with a SQL Injection in /shopping/track-orders.php exploited via the orderid POST parameter. The vulnerability can allow remote code execution and has a CVSS v3.1 base score of 8.8 (HIGH) with network access, low attack complexity, an...

8.8CVSS8.9AI score0.0075EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/02/14 3:15 p.m.23 views

CVE-2024-25223

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...

9.8CVSS7.8AI score0.00628EPSS
Exploits1References1
Prion
Prion
added 2024/02/14 3:15 p.m.18 views

Sql injection

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...

8.6AI score0.00628EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.9 views

PT-2024-20834 · Unknown · Simple Admin Panel

Name of the Vulnerable Software and Affected Versions: Simple Admin Panel App version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderID parameter at the "/adminView/viewEachOrder.php" API endpoint. Recommendations: For Simp...

9.8CVSS6.9AI score0.00628EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/02/14 12:0 a.m.34 views

CVE-2024-25223

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php...

8.1AI score0.00628EPSS
Exploits1References1
Rows per page
Query Builder