
68 matches found

Prion
added 2022/03/20 10:15 p.m., 12 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 6.8 | AI score 7.9 | EPSS 0.00942
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/20 9:12 p.m., 16 views

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score 7.9 | EPSS 0.00942
Exploits: 1 | References: 1
CNNVD
added 2022/03/20 12:0 a.m., 1 views

ShopXO Code Issue Vulnerability

ShopXO is an open source enterprise-level e-commerce system. A security vulnerability exists in ShopXO v1.9.0, which originates from the upload of arbitrary files in the Upload Payment plugin. An attacker can execute arbitrary code by uploading a crafted PHP file...

CVSS 7.8 | AI score 7.9 | EPSS 0.00942
Exploits: 1 | References: 2
OSV
added 2019/03/14 2:29 a.m., 2 views

CVE-2019-9762

A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication...

CVSS 9.8 | AI score 7.4 | EPSS 0.05051
Exploits: 1 | References: 1
Prion
added 2019/03/14 2:29 a.m., 10 views

SQL injection

A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication...

CVSS 7.5 | AI score 9.8 | EPSS 0.05051
Exploits: 1 | References: 1 | Affected Software: 1
seebug.org
added 2014/11/10 12:0 a.m., 29 views

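A TinyShop SQL Injection

Brief description: 20140926 Details: This one is again in payment, in the asynchronous callback, where there is a similar problem. Actually I did not want to submit them separately, really did not want to submit them separately, afraid there would be duplicates that would not pass. In /protected/controllers/payment.php, asynccallback: function asynccallback //Get the payment method from the URL $paymentid = Filter::intReq::get'paymentid'; $payment = new Payment$paymentid; $paymentPlugin = $payment-getPaymentPlugin;...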

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Kubelance SQL Injection (profile.php?id)

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Kubelance SQL Injection Vendor url:http://www.kubelabs.com Version:1.7.6 Price:90$ Published: 2010-06-19 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW members...

AI score 7.1
Exploits: 0
securityvulns
added 2005/11/16 12:0 a.m., 34 views

Template Seller Pro 3.25

AlstraSoft Template Seller Pro 3.25 =================================== Software: AlstraSoft Template Seller Pro 3.25 Severity: Arbitrary code execution, SQL Injections Risk: High Author: Robin Verton [email protected] Date: Nov. 15 2005 Vendor: www.alstrasoft.com Description: Ever thought of...

AI score 0.3
Exploits: 0