116 matches found

NVD
added 2026/06/19 5:16 p.m. | 10 views

CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVSS 8.8 | EPSS 0.00267
Exploits 0 | References 3

Cvelist
added 2026/06/19 4:58 p.m. | 30 views

CVE-2017-20282 Joomla! Component jCart for OpenCart 2.0 SQL Injection

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVSS 8.8 | EPSS 0.00267
Exploits 0 | References 3

EUVD
added 2026/06/19 4:58 p.m. | 6 views

EUVD-2017-19009

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVSS 8.8 | AI score 6 | EPSS 0.00267
Exploits 0 | References 3

ATTACKERKB
added 2026/06/19 4:58 p.m. | 7 views

CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVSS 8.8 | AI score 6 | EPSS 0.00267
Exploits 0 | References 3 | Affected Software 1

ATTACKERKB
added 2026/06/19 3:47 p.m. | 5 views

CVE-2017-20261

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2026/06/19 3:47 p.m. | 33 views

CVE-2017-20261 Joomla! Component Bargain Product VM3 1.0 SQL Injection

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...

CVSS 8.8 | EPSS 0.00334
Exploits 0 | References 4

ATTACKERKB
added 2026/06/19 3:44 p.m. | 5 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/06/19 3:44 p.m. | 15 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits 0 | References 4

Cvelist
added 2026/06/19 3:44 p.m. | 37 views

CVE-2017-20260 Joomla! Component Price Alert 3.0.2 SQL Injection

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

CVSS 8.8 | EPSS 0.00334
Exploits 0 | References 4

Positive Technologies
added 2026/06/19 12:0 a.m. | 17 views

PT-2026-50963

Name of the Vulnerable Software and Affected Versions: Joomla! Component jCart for OpenCart version 2.0. Description: An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00267
Exploits 0 | References 7

Positive Technologies
added 2026/06/19 12:0 a.m. | 17 views

PT-2026-50937

Name of the Vulnerable Software and Affected Versions: Joomla! Component Price Alert version 3.0.2. Description: An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits 0 | References 7

EUVD
added 2026/06/05 8:33 p.m. | 12 views

EUVD-2026-33408

Shopper: Missing authorization on Product admin Livewire sub-form components...

CVSS 6.5 | AI score 5.4 | EPSS 0.00221
Exploits 0 | References 3

RedhatCVE
added 2026/06/05 7:30 p.m. | 9 views

CVE-2026-42207

Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, Mage_ProductAlert_AddController::stockAction reads the uenc query parameter and passes...

CVSS 6.1 | AI score 5.4 | EPSS 0.00149
Exploits 0 | References 1

CNNVD
added 2026/05/29 12:0 a.m. | 8 views

shopper security vulnerability

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the Livewire component in the product editor, which lacked authorization for the store method. Any...

CVSS 6.5 | AI score 5.8 | EPSS 0.00221
Exploits 0 | References 3

Vulnrichment
added 2026/05/23 6:30 p.m. | 7 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits 0 | References 4

CVE
added 2026/05/23 6:30 p.m. | 24 views

CVE-2018-25341

CVE-2018-25341 concerns Smartshop 1 with a SQL injection vulnerability in product.php id parameter. The issue allows unauthenticated attackers to perform union-based SQL injection to extract database information, including usernames and database names. Connected sources confirm the vulnerability ...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits 0 | References 4

CVE
added 2026/05/15 5:6 p.m. | 14 views

CVE-2026-42207

OpenMage/magento-lts before version 20.18.0 is affected by an open redirect in Mage_ProductAlert_AddController::stockAction(). If the product_id does not reference a catalog product, the handler redirects to the URL supplied in the uenc parameter without validating it via _isUrlInternal(), allowi...

CVSS 6.1 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 1

EUVD
added 2026/05/15 5:6 p.m. | 12 views

EUVD-2026-30570

Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, Mage_ProductAlert_AddController::stockAction reads the uenc query parameter and passes...

CVSS 6.1 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 1

CVE
added 2026/05/10 12:43 p.m. | 16 views

CVE-2021-47928

Opencart TMD Vendor System 3.x is affected by a blind SQL injection via the product_id parameter, allowing unauthenticated attackers to enumerate data from oc_user (usernames, emails, password reset codes). The vulnerability is described as a time-based/content-based blind injection with high con...

CVSS 8.8 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 4

ATTACKERKB
added 2026/05/10 12:43 p.m. | 9 views

CVE-2021-47928

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

CVSS 8.8 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 4 | Affected Software 1