21 matches found
CVE-2019-25496
CVE-2019-25496 affects osCommerce 2.3.4.1. The vulnerability is a SQL injection in the products_id parameter used by product_info.php, allowing unauthenticated attackers to manipulate database queries and extract sensitive information by appending boolean-based payloads. The described exploit pat...
obdpros.com XSS vulnerability
Open Bug Bounty ID: OBB-638883

Description | Value
---|---
Affected Website: | obdpros.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
vocopro.com XSS vulnerability
Vulnerable URL: http://www.vocopro.com/products/productinfo.php?ID=466!prettyPhoto/0,%3Ca%20onclick=%22alert%27OPENBUGBOUNTY%27;%22%3E/

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 09.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Ran...
vofis.ru XSS vulnerability
Vulnerable URL: http://vofis.ru/productinfo.php?productsid=1018"'/alert/openbugbounty/...
celery.com.tw XSS vulnerability
Vulnerable URL: http://www.celery.com.tw/productinfo.php?ID=50...
CVE-2010-4946
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter...
SQL injection
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter...
CVE-2010-4946
CVE-2010-4946 describes an SQL injection in ALLPC 2.5, specifically in product_info.php where the products_id parameter can be manipulated to run arbitrary SQL. The vulnerability, as documented by NVD and Red Hat, carries a CVSS v2 base score of 7.5 (HIGH) with network access, low attack complexi...
SQL injection
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter...
CVE-2009-1403
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter...
CVE-2009-1403
CVE-2009-1403 describes an SQL injection in CRE Loaded 6.2, specifically in product_info.php where the products_id parameter can be exploited to execute arbitrary SQL commands. The vulnerability is labeled as high risk (CVSSv2 base score 7.5) with network attack vector and no authentication requi...
CRE Loaded 6.2 SQL Injection
Homepage: http://www.creloaded.com/; Product: CRE Loaded v6.2; File: productinfo.php; Parameter: productid; SQL Injection: ...
CRE Loaded 6.2 (products_id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. CRE Loaded 6.2 productsid SQL Injection Vulnerability. Homepage:...
CRE Loaded 6.2 (products_id) SQL Injection Vulnerability
No description provided by source. Homepage: http://www.creloaded.com/; Product: CRE Loaded v6.2; File: productinfo.php; Parameter: productid; SQL Injection: ...
CRE Loaded 6.2 - 'products_id' SQL Injection
Homepage: http://www.creloaded.com/; Product: CRE Loaded v6.2; File: productinfo.php; Parameter: productid; SQL Injection: ...
acgptp-sql.txt
ACG-PTP 1.0.6 adid Remote SQL Injection Vulnerability. Author: Hussin X. Home: www.tryag.cc/cc. email: darkangelg85atYahooDoTcom. script: http://discountedscripts.com/productinfo.php?productsid=65. DorK :...
Getacoder clone - sb_protype SQL Injection
Getacoder clone - sb_protype SQL Injection. Getacoder Clone Script sb_protype Remote SQL Injection Vulnerability. Author: Hussin X. Home: www.tryag.cc/cc. email: darkangelg85atYahooDoTcom. script :...
SQL injection
Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) categoryid parameter in (a) storespecialoffers.php and (b) store.php, and (2) prodid parameter in (c) cart.php and (d) productinfo.php. NOTE: this issue also...
CVE-2005-4677
The CVE-2005-4677 entry describes a SQL injection vulnerability in the osCommerce Additional Images module (additional_images.php) before version 1.14. The flaw allows remote attackers to inject arbitrary SQL via the products_id parameter to product_info.php, enabling potentially unauthorized dat...
CVE-2005-4677
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php...