38 matches found

RedhatCVE
added 2026/03/26 3:15 p.m. | 7 views

CVE-2026-4563

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 1

EUVD
added 2026/03/23 12:31 a.m. | 3 views

EUVD-2026-14339

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 5

Cvelist
added 2026/02/18 5:29 a.m. | 25 views

CVE-2026-1906 PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the wpoipsedisaveordercustomerpeppolidentifiers AJAX action due to missing capability checks and order ownership validation. This...

CVSS 4.3 | EPSS 0.00013
Exploits: 0 | References: 4

NVD
added 2026/02/01 11:15 p.m. | 4 views

CVE-2026-1733

A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...

CVSS 5.3 | EPSS 0.00019
Exploits: 1 | References: 5

CNNVD
added 2026/02/01 12:0 a.m. | 3 views

CRMEB authorization issue vulnerability

CRMEB is an open-source Java e-commerce system developed by CRMEB. Versions of CRMEB 5.6.3 and earlier contained a vulnerability related to authorization issues. This vulnerability stemmed from incorrect handling of the orderid parameter in files like /api/storeintegral/order/detail/:uni, which...

CVSS 5.3 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/11 10:2 a.m. | 2 views

CVE-2025-11596 code-projects E-Commerce Website delete_order_details.php sql injection

A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/deleteorderdetails.php. Executing manipulation of the argument orderid can lead to sql injection. The attack can be executed remotely. The exploit has been public...

CVSS 7.5 | AI score 6.7 | EPSS 0.00044
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-5092

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0029
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2009-4536

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.0034
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-10384

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 4.9 | EPSS 0.002
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-14176

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00274
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/22 7:21 p.m. | 4 views

CVE-2021-24402

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

CVSS 7.2 | AI score 7.6 | EPSS 0.00567
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/11 12:15 a.m. | 12 views

CVE-2025-46192

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userpaymentupdate.php via the orderid POST parameter...

CVSS 9.8 | AI score 8.1 | EPSS 0.00241
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/11 12:15 a.m. | 12 views

CVE-2025-46189

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userordercustomerupdate.php via the orderid POST parameter...

CVSS 9.8 | AI score 8.1 | EPSS 0.00274
Exploits: 1 | References: 1

NVD
added 2025/05/09 5:15 p.m. | 24 views

CVE-2025-46190

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userdeliveryupdate.php via the orderid POST parameter...

CVSS 9.8 | EPSS 0.00241
Exploits: 0 | References: 2

NVD
added 2025/05/09 4:15 p.m. | 12 views

CVE-2025-46189

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userordercustomerupdate.php via the orderid POST parameter...

CVSS 9.8 | EPSS 0.00274
Exploits: 1 | References: 2

CVE
added 2025/05/09 12:0 a.m. | 54 views

CVE-2025-46189

SourceCodester Client Database Management System 1.0 is affected by a SQL Injection in user_order_customer_update.php via the order_id POST parameter. Root cause: improper handling/validation of the order_id parameter. Impact: potential unauthorized access/modification of the database (per CVSS 3...

CVSS 9.8 | AI score 8.3 | EPSS 0.00274
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/05/09 12:0 a.m. | 52 views

CVE-2025-46190

CVE-2025-46190 affects SourceCodester Client Database Management System 1.0, with a SQL Injection vulnerability in the file user_delivery_update.php exploitable via the POST parameter order_id. The CVE has a high impact (CVSS 3.1: 9.8, CRITICAL) with network attack vector, no privileges required...

CVSS 9.8 | AI score 8.1 | EPSS 0.00241
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/05/09 12:0 a.m. | 6 views

CVE-2025-46189

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userordercustomerupdate.php via the orderid POST parameter...

AI score 7.6 | EPSS 0.00274
Exploits: 1 | References: 2

Cvelist
added 2025/04/08 3:31 a.m. | 13 views

CVE-2025-3405 FCJ Venture Builder appclientefiel HTTP GET Request ObterPedido resource injection

A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDERID leads ...

CVSS 5.3 | EPSS 0.002
Exploits: 0 | References: 4

Vulnrichment
added 2025/04/08 3:31 a.m. | 3 views

CVE-2025-3405 FCJ Venture Builder appclientefiel HTTP GET Request ObterPedido resource injection

A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDERID leads ...

CVSS 5.3 | AI score 7.2 | EPSS 0.002
Exploits: 0 | References: 4