83 matches found
CVE-2026-5606
The CVE-2026-5606 entry describes a SQL injection vulnerability in PHPGurukul Online Shopping Portal Project 2.1, specifically in the Parameter Handler’s unknown function within /order-details.php where the orderid argument is manipulable. The issue can be exploited remotely by an attacker and is...
CVE-2026-5606 PHPGurukul Online Shopping Portal Project Parameter order-details.php sql injection
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the atta...
PT-2026-30514
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the atta...
PHPGurukul Online Shopping Portal Project SQL注入漏洞
The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “orderid”...
CVE-2025-14085
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...
CVE-2025-14085
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...
mall-swarm authorization issue vulnerability (CNVD-2026-10877)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...
CVE-2025-13118
A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...
CVE-2025-13117
A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...
EUVD-2025-169290
A security flaw has been discovered in macrozheng mall-swarm up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack...
CVE-2025-13117
A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...
EUVD-2025-175308
A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...
CVE-2025-13118 macrozheng mall-swarm paySuccess improper authorization
A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...
CVE-2025-13118
Summary (CVE-2025-13118): Macrozheng mall-swarm and mall up to 1.0.3 are affected. The paySuccess function in /order/paySuccess is vulnerable to argument tampering of orderID, resulting in improper authorization. The issue is exploitable remotely; exploits are public. Multiple connected sources c...
CVE-2025-13118 macrozheng mall-swarm paySuccess improper authorization
A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...
CVE-2025-13117 macrozheng mall-swarm/mall cancelOrder improper authorization
A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...
CVE-2025-13117
CVE-2025-13117 affects macrozheng mall-swarm up to version 1.0.3, targeting the cancelOrder function in /order/cancelOrder. The issue arises from manipulation of the orderId parameter, causing improper authorization. An attacker can trigger this remotely and public exploitation has been disclosed...
CVE-2025-13116
A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...
CVE-2025-13116
A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...
CVE-2025-13116
CVE-2025-13116 affects macrozheng mall-swarm and mall up to 1.0.3. The issue is in the function cancelUserOrder in /order/cancelUserOrder, where manipulating the argument orderId can cause improper authorization. Attacks are described as remotely executable and a public exploit exists. Multiple c...