CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

RedhatCVE•added 2026/01/13 10:54 p.m.•2 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

8.2CVSS6.8AI score0.00065EPSS

Exploits1References1

NVD•added 2026/01/12 8:15 p.m.•2 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

8.2CVSS0.00065EPSS

Exploits1References1

OSV•added 2026/01/12 8:15 p.m.•1 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

8.2CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2026/01/12 12:0 a.m.•1 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

6.5AI score0.00065EPSS

Exploits1References1

Cvelist•added 2026/01/12 12:0 a.m.•18 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

0.00065EPSS

Exploits1References1

NVD•added 2025/12/15 8:15 a.m.•2 views

CVE-2025-14710

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

9.8CVSS0.00036EPSS

Exploits1References4

Cvelist•added 2025/12/15 7:32 a.m.•27 views

CVE-2025-14710 FantasticLBP Hotels Server OrderList.php sql injection

7.5CVSS0.00036EPSS

Exploits1References4

EUVD•added 2025/12/15 7:32 a.m.•3 views

EUVD-2025-203343

7.5CVSS6.2AI score0.00036EPSS

Exploits1References5

Positive Technologies•added 2025/12/15 12:0 a.m.•2 views

PT-2025-51209

7.5CVSS6.8AI score0.00036EPSS

Exploits1References5

Openbugbounty•added 2017/07/07 10:47 a.m.•15 views

intra.myevergreen.com XSS vulnerability

Vulnerable URL: http://intra.myevergreen.com/order/OrderList.asp?Wholesid=1"...

6.9AI score

Exploits0

seebug.org•added 2014/08/07 12:0 a.m.•22 views

逐浪CMS SQL注入漏洞

简要描述： RT 详细说明： http://demo.zoomla.cn/user/UserShop/OrderList.aspx?menu=souch&souchtable=&souchkey= braid 密码：123456 1点左边的添加账单生成一个订单 2看下图漏洞证明：表：...

7.1AI score

Exploits0

Prion•added 2014/07/15 2:55 p.m.•11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 customername parameter to central/orders/searchcriteria.action; 2 productname, 3 availability, or 4 status parameter to...

4.3CVSS6.1AI score0.06556EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by