Shopkit Security Vulnerability
Shopkit is an open source Kirby Cms version 2 integrated commerce solution by Sam Nabi, an individual developer in Canada. A security vulnerability exists in Shopkit version 1.0. An attacker exploited the vulnerability to add a negative number of items to the shopping cart via the qtd parameter i...
PT-2024-39095 · Unknown · Sourcecodester Food Ordering Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Food Ordering Management System. This issue affects the Price Handler component, specifically the file...
Food Ordering Management System Security Vulnerability
Food Ordering Management System is a food ordering management system by the individual developer Carlo Montero. It provides an online platform to order food from a restaurant or fast food chain. A security vulnerability exists in Food Ordering Management System version 1.0, which stems from the...
alf.io Security Vulnerability
Alf.io is a free and open source event attendance management system open-sourced by Alf.io. A security vulnerability exists in versions of alf.io prior to 2.0-M5, which stems from a race condition that could allow a user to bypass the quantity limit of a promotional code and use a discount coupon...
CVE-2024-6128
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...
CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...
SPA-Cart Security Breach
SPA-Cart is a shopping cart software from SPA-Cart, Inc. A security vulnerability exists in SPA-Cart version 1.9.0.6, which stems from the fact that incorrect manipulation of the parameter quantity can lead to the enforcement of a behavioral workflow...
PT-2024-37404 · Unknown · Spa-Cartcms
Name of the Vulnerable Software and Affected Versions: spa-cartcms version 1.9.0.6 Description: A problematic issue has been found in the Checkout Page component, affecting the processing of the file /checkout. The manipulation of the quantity argument with the input -10 leads to enforcement of...
CVE-2024-30527
CVE-2024-30527 affects WordPress WP Express Checkout (Accept PayPal Payments) plugin up to version 2.3.7. An improper validation of the specified quantity in input allows manipulating hidden fields during checkout, enabling price manipulation. Mitigation: upgrade to a version later than 2.3.7 (pa...
PT-2024-23455 · WordPress · Wp Express Checkout
Name of the Vulnerable Software and Affected Versions: WP Express Checkout Accept PayPal Payments versions through 2.3.7 Description: The issue is related to improper validation of specified quantity in input, allowing manipulation of hidden fields. This can be exploited to manipulate the checkou...
Online Book System SQL Injection Vulnerability
Online Book System is an online booking system. A SQL injection vulnerability exists in version 1.0 of the Online Book System due to a lack of validation of externally entered SQL statements in the quantity/remove parameter of the /cart.php file. An attacker can exploit this vulnerability to...
CVE-2024-2151
A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors...
PT-2024-18924 · Sourcecodester · Sourcecodester Online Mobile Management Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Mobile Management Store version 1.0 Description: A problematic vulnerability was found in the component Product Price Handler of the SourceCodester Online Mobile Management Store. The manipulation of the quantity argumen...
CVE-2023-49665
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity' parameter of the submitdeliverylist.php resource does not validate the characters received and they are sent unfiltered to the database...
In some pools, borrowers can maliciously prevent liquidatePosition()
Lines of code Vulnerability details Vulnerability details in liquidatePosition At the end of the liquidation, the liquidation fee will be transferred to the liquidator. function liquidatePosition DataStruct.ClosePositionParams calldata params, address borrower external override nonReentrant...
CVE-2023-48768
Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9...
CVE-2023-48768
CVE-2023-48768 affects the WordPress plugin Quantity Plus Minus Button for WooCommerce by CodeAstrology. Multiple connected sources confirm a CSRF vulnerability due to missing CSRF protection in Settings update, impacting versions up to and including 1.1.9. PatchStack specifies vulnerable versions
WordPress Plugin Quantity Plus Minus Button for WooCommerce by CodeAstrology Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Quantity Plus Minus Button...