Lucene search
K

21 matches found

NVD
NVD
added 2026/02/27 6:16 p.m.7 views

CVE-2019-25496

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...

8.8CVSS0.00327EPSS
Exploits1References3
OSV
OSV
added 2026/02/27 6:16 p.m.3 views

CVE-2019-25496

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...

7.5CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 5:23 p.m.5 views

CVE-2019-25496

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...

8.8CVSS6AI score0.00327EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.28 views

CVE-2019-25496 osCommerce 2.3.4.1 SQL Injection via products_id Parameter

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...

8.8CVSS0.00327EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22364

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products id parameter. Attackers can modify the products id value in product info.php requests and append boolean-based SQL injection...

8.8CVSS6AI score0.00327EPSS
Exploits1References4
CVE
CVE
added 2025/08/20 1:9 p.m.22 views

CVE-2025-24496

CVE-2025-24496 affects Tenda AC6 V5.0 V02.03.01.110. The information-disclosure flaw resides in /goform/getproductInfo; Talos notes an authentication bypass when requesting this URL, allowing a non-authenticated retrieval of module data via the generic getter, potentially exposing configuration d...

7.5CVSS6.5AI score0.00342EPSS
Exploits0References2Affected Software1
Talos
Talos
added 2025/08/20 12:0 a.m.7 views

Tenda AC6 V5.0 /goform/getproductInfo information disclosure vulnerability

Talos Vulnerability Report TALOS-2025-2164 Tenda AC6 V5.0 /goform/getproductInfo information disclosure vulnerability August 20, 2025 CVE Number CVE-2025-24496 SUMMARY An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110...

7.5CVSS6.6AI score0.00342EPSS
Exploits0
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.4 views

Genexis Tilgin Home Gateway Cross-Site Scripting Vulnerability

Genexis Tilgin Home Gateway is a series of home gateways from Genexis, a South Korean company. A cross-site scripting vulnerability exists in the Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01090112 version, which stems from the fact that manipulation of the parameter productinfo can lead to...

6.9CVSS5.8AI score0.00428EPSS
Exploits0References4
HackRead
HackRead
added 2024/06/18 1:30 p.m.16 views

AMD Data Breach: IntelBroker Claims Theft of Employee and Product Info

Advanced Micro Devices, Inc. AMD has apparently been breached by IntelBroker, a notorious hacker from the Breach Forums --- AMD has not yet confirmed the breach...

7.3AI score
Exploits0
NVD
NVD
added 2024/05/02 5:15 p.m.27 views

CVE-2024-3649

The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to...

5.3CVSS5.6AI score0.00679EPSS
Exploits0References3
OSV
OSV
added 2023/09/30 2:15 a.m.2 views

CVE-2023-43703

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "productinfoname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4CVSS5.9AI score0.00431EPSS
Exploits1References2
Prion
Prion
added 2019/08/02 10:15 p.m.9 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information...

3.5CVSS4.7AI score0.00557EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2018/02/05 12:0 a.m.12 views

Siemens SIMATIC SCALANCE Device Detection (SNMP)

SNMP based detection of Siemens SIMATIC SCALANCE devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2017/09/03 12:0 a.m.25 views

openSUSE: Security Advisory for freerdp (openSUSE-SU-2017:2332-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7AI score0.01826EPSS
Exploits6References1
OPENSUSE Linux
OPENSUSE Linux
added 2017/09/02 6:8 p.m.180 views

Security update for freerdp (important)

This update for freerdp fixes the following issues: - CVE-2017-2834: Out-of-bounds write in licenserecv bsc1050714 - CVE-2017-2835: Out-of-bounds write in rdprecvtpktpdu bsc1050712 - CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service bsc1050699 - CVE-2017-2837: Client...

1.4AI score0.01826EPSS
Exploits6References6
Openbugbounty
Openbugbounty
added 2017/08/20 12:34 p.m.17 views

whatmusic.com XSS vulnerability

Open Bug Bounty ID: OBB-280419 Description| Value ---|--- Affected Website:| whatmusic.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Talos
Talos
added 2017/07/24 12:0 a.m.33 views

FreeRDP Rdp Client License Read Product Info Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use ma...

6.5CVSS6.5AI score0.01569EPSS
Exploits1
Vulnerability Lab
Vulnerability Lab
added 2016/01/26 12:0 a.m.37 views

WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability

Document Title: =============== WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1681 Release Date: ============= 2016-01-26 Vulnerability Laboratory ID VL-ID: ==================================== 167...

0.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

oscommerce authentication bypass

No description provided by source. This is a bug on old oscommerce / creloaded i just didn't find it in the exploit-db database on the search. Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass Date: 04/02/2010 Author: Nicolas Krassas Version: $Id: tellafriend.php,v 1.1.1.1...

7.1AI score
Exploits0
0day.today
0day.today
added 2011/02/05 12:0 a.m.14 views

oscommerce authentication bypass

Exploit for php platform in category web applications This is a bug on old oscommerce / creloaded i just didn't find it in the exploit-db database on the search. Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass Date: 04/02/2010 Author: Nicolas Krassas Version: $Id:...

7.1AI score
Exploits0
Rows per page
Query Builder