21 matches found
CVE-2026-5558
CVE-2026-5558 affects PHPGurukul Online Shopping Portal Project up to 2.1. The vulnerability is in an unknown function of /pending-orders.php (Parameter Handler). Manipulating the argument ID leads to SQL injection, enabling remote exploitation. The exploit has been published; CVSS indicates medi...
CVE-2026-5019
A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to SQL injection. The attack may be...
CVE-2025-63449
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php...
Water-Management-System security vulnerability
Water-Management-System is an inventory management system by the individual developer Dikshant Naik. A security vulnerability exists in Water-Management-System version 1.0, which stems from the file /orders.php being vulnerable to cross-site scripting attacks...
CVE-2025-63449
CVE-2025-63449 affects Water Management System v1.0, with a Cross Site Scripting (XSS) flaw in /orders.php. The issue is described across multiple connected sources, indicating the vulnerability stems from input handling in that endpoint and can enable injection of malicious scripts. The CVSS v3....
EUVD-2022-53363
Malicious code in bioql PyPI...
Inventory Management System orders.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from a parameter i in the file /orders.php that is not securely filtered. An attacker can exploit this vulnerability by remotely injecting...
CVE-2025-6828
CVE-2025-6828 affects code-projects Inventory Management System 1.0, with SQL injection in /orders.php via the i parameter. Root cause: unsafely handled input in orders.php allows remote attacker to manipulate SQL statements. Multiple sources (NVD, RH) describe it as critical with remote, unauthe...
PT-2025-27332 · Code Projects · Code-Projects Inventory Management System
Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical vulnerability has been found in the code-projects Inventory Management System, affecting unknown code of the file /orders.php. The manipulation of the argument i...
CVE-2022-32095
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php...
CVE-2024-44313
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks...
SQL injection
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php...
CVE-2022-32095
The CVE-2022-32095 entry affects Hospital Management System v1.0, with a SQL injection vulnerability in orders.php via the editid parameter. The root cause is an unguarded editid input leading to data exposure of the database; impact is high (CVE metrics show high/critical in multiple scores)...
Qualiteam X-Cart 4.0.8 orders.php mode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
Qualiteam X-Cart 4.0.8 orders.php mode Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
Cross-Site Scripting vulnerabilities in MC Content Manager
Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities that I found in the MC Content Manager system. It is a Ukrainian commercial CMS. XSS WASC-08: POST request on the page http://site/ru/cms/search "scriptalertdocument.cookie/script In the search field. XSS WASC-08:...
XSS vulnerability in VaM Shop
Vulnerability ID: HTB22781 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinvamshop2.html Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1.6 and Probably Prior Versions Vendor Notification: 28 December 2010 Vulnerability Type: XSS Cross Site Scripting Status:...
Pie Cart Pro - Inc_Dir Remote File Inclusion
Pie Cart Pro - IncDir Remote File Inclusion. Pie Cart Pro = IncDir Remote File Inclusion Exploit. Critical Level: Dangerous. By SnIpErSA...