Lucene search
+L

46 matches found

RedhatCVE
RedhatCVE
added 2026/02/23 7:25 p.m.6 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8CVSS5.7AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/02/22 2:16 p.m.6 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8CVSS0.00232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/22 1:34 p.m.7 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8CVSS5.9AI score0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/22 1:34 p.m.27 views

CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8CVSS0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/22 1:34 p.m.5 views

CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8CVSS5.7AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.10 views

PT-2026-21441

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod id parameter. Attackers can send GET requests to product detail.php with malicious prod id values to extract sensitive database...

8.8CVSS5.9AI score0.00232EPSS
Exploits0References3
NVD
NVD
added 2026/02/03 6:16 p.m.21 views

CVE-2020-37108

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

7.1CVSS0.00272EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/03 4:52 p.m.7 views

EUVD-2020-30986

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

7.1CVSS5.8AI score0.00272EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 4:52 p.m.17 views

CVE-2020-37108

The CVE-2020-37108 issue affects PhpIX 2012 Professional and is caused by an SQL injection in the id parameter of product_detail.php, enabling remote manipulation of database queries. Affected component: product_detail.php (id parameter). Underlying cause: improper handling/sanitization of user i...

7.1CVSS5.8AI score0.00272EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.2 views

CVE-2020-37108 PhpIX 2012 Professional - 'id' SQL Injection

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

7.1CVSS5.8AI score0.00272EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.11 views

PT-2026-5854

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

7.1CVSS6AI score0.00272EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

PhpIX SQL注入漏洞

PhpIX is a website building system developed by PhpIX Company in Thailand. PhpIX has a SQL injection vulnerability; this vulnerability stems from the id parameter in the productdetail.php file, which allows for SQL injections, potentially enabling remote attackers to manipulate database queries...

7.1CVSS5.9AI score0.00272EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-0096

Malware in sbrugna...

7.5CVSS6.3AI score0.01067EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-2769

Malware in sbrugna...

7.5CVSS6.4AI score0.00993EPSS
Exploits1References4
CNVD
CNVD
added 2025/07/18 12:0 a.m.4 views

Modern Bag product-detail.php file SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /product-detail.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal S...

9.8CVSS8.2AI score0.00454EPSS
Exploits1References1
OSV
OSV
added 2025/07/12 9:15 a.m.5 views

CVE-2025-7467

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...

9.8CVSS5.7AI score0.00454EPSS
Exploits1References5
CVE
CVE
added 2025/07/12 8:32 a.m.26 views

CVE-2025-7467

CVE-2025-7467 affects code-projects Modern Bag 1.0. The vulnerability is in the file /product-detail.php where the ID parameter can be manipulated to perform SQL injection. This allows remote initiation of an attack, and the exploit has been disclosed publicly. Connected sources corroborate an SQ...

9.8CVSS7.5AI score0.00454EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/07/12 8:32 a.m.13 views

CVE-2025-7467 code-projects Modern Bag product-detail.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...

7.5CVSS0.00454EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/12 12:0 a.m.6 views

Code-Projects Modern Bag 注入漏洞

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /product-detail.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal S...

9.8CVSS8.1AI score0.00454EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.5 views

CVE-2023-22838

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.5AI score0.00538EPSS
Exploits0References1
Rows per page
Query Builder