16 matches found
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
EUVD-2022-30834
Malicious code in bioql PyPI...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
Xingyuantu SparkShop 安全漏洞
Xingyuantu SparkShop is an open source shopping mall from the Chinese company Xingyuantu. A security vulnerability exists in Xingyuantu SparkShop v1.16, which stems from a flaw in the payment logic that allows an attacker to arbitrarily modify the number of products...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-46307
The CVE-2024-46307 entry concerns Sparkshop v1.16 where a flaw in the payment logic allows an attacker to arbitrarily modify the number of products. The issue is confirmed across multiple sources (NVD, CVE list, Red Hat/CNNVD entries) and has CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:N/S:U, with C I: ...
PT-2024-31952 · Sparkshop · Sparkshop
Name of the Vulnerable Software and Affected Versions: Sparkshop version 1.16 Description: A loop hole in the payment logic of Sparkshop allows attackers to arbitrarily modify the number of products. This is a high-severity issue that affects multiple versions of Sparkshop. Users are urged to...
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
Design/Logic Flaw
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
CVE-2022-26273
Summary: CVE-2022-26273 affects EyouCMS v1.5.4, due to lack of parameter filtering in the code path \user\controller\shop.php, which enables payment logic vulnerabilities. This vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CVE lists) with a consistent description. The NV...
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
Users are charged twice the FDT tokens when tokenizing their convictions
Handle shw Vulnerability details Impact Users have to pay twice the FSD tokens when tokenizing their convictions if the locked variable is non-zero. Proof of Concept The first payment is made in the function tokenizeConviction of the contract ERC20ConvictionScore line 282, where a user transfer...