13 matches found

NVD
added 2026/02/22 2:16 p.m., 2 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8 CVSS, 0.00132 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/02/22 1:34 p.m., 4 views

CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8 CVSS, 5.7 AI score, 0.00132 EPSS
Exploits: 0, References: 2

OSV
added 2025/10/11 11:15 a.m., 1 views

CVE-2025-11597

A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/productaddqty.php. The manipulation of the argument prodid leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly...

9.8 CVSS, 5.7 AI score, 0.00043 EPSS
Exploits: 1, References: 5

CVE
added 2025/10/11 11:2 a.m., 8 views

CVE-2025-11597

Summary: CVE-2025-11597 affects the code-projects E-Commerce Website 1.0. The vulnerability resides in the file /pages/product_add_qty.php, where the argument prod_id is not validated, leading to SQL injection. Multiple sources corroborate a remote-exploit scenario with publicly available exploit...

9.8 CVSS, 6.8 AI score, 0.00043 EPSS
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2025/09/28 4:15 a.m., 0 views

CVE-2025-11094

A security vulnerability has been detected in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/adminproductdetails.php. Such manipulation of the argument prodid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicl...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 5

OSV
added 2024/02/29 1:42 a.m., 0 views

CVE-2023-7106

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file productdetails.php?prodid=11. The manipulation of the argument prodid leads to sql injection. The attack can be launched...

8.8 CVSS, 5.7 AI score
Exploits: 0, References: 3

exploitpack
added 2019/08/01 12:0 a.m., 19 views

WebIncorp ERP - SQL injection

WebIncorp ERP - SQL injection Exploit Title: WebIncorp ERP - SQL injection Date: 1.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webincorp.com/products/erp-software-qatar Version: Every version CWE : CWE-89 Vulnerable parameter: prodid productdetail.php GET Request GET...

0.1 AI score
Exploits: 0

Packet Storm
added 2019/08/01 12:0 a.m., 201 views

WebIncorp ERP SQL Injection

Exploit Title: WebIncorp ERP - SQL injection Date: 1.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webincorp.com/products/erp-software-qatar Version: Every version CWE : CWE-89 Vulnerable parameter: prodid productdetail.php GET Request GET https://host/productdetail.php?prodid=x...

0.1 AI score
Exploits: 0

Exploit DB
added 2019/08/01 12:0 a.m., 130 views

WebIncorp ERP - SQL injection

Exploit Title: WebIncorp ERP - SQL injection Date: 1.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webincorp.com/products/erp-software-qatar Version: Every version CWE : CWE-89 Vulnerable parameter: prodid productdetail.php GET Request GET https://host/productdetail.php?prodid=x...

7.4 AI score
Exploits: 0

NVD
added 2015/03/05 3:59 p.m., 16 views

CVE-2015-2216

SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prodid parameter...

7.5 CVSS, 8.3 AI score, 0.03471 EPSS
Exploits: 2, References: 4

Prion
added 2015/03/05 3:59 p.m., 20 views

Sql injection

SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prodid parameter...

7.5 CVSS, 9 AI score, 0.03471 EPSS
Exploits: 2, References: 4, Affected Software: 1

NVD
added 2015/01/13 3:59 p.m., 12 views

CVE-2014-100016

Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prodid parameter...

4.3 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits: 1, References: 5

Prion
added 2006/05/04 12:38 p.m., 8 views

Sql injection

Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) categoryid parameter in (a) storespecialoffers.php and (b) store.php, and (2) prodid parameter in (c) cart.php and (d) productinfo.php. NOTE: this issue also...

7.5 CVSS, 9.2 AI score, 0.00816 EPSS
Exploits: 0, References: 6, Affected Software: 1