
313 matches found

Patchstack
added 2021/09/20 12:0 a.m., 11 views

WordPress Package Quantity Discount plugin <= 1.1.1 - Multiple vulnerabilities

Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in the WordPress Package Quantity Discount plugin versions <= 1.1.1...

AI score: 2.8
Exploits: 0, References: 2, Affected Software: 1
Exploit DB
added 2021/03/19 12:0 a.m., 323 views

Online News Portal 1.0 - 'name' SQL Injection

Exploit Title: Online News Portal 1.0 - 'name' SQL Injection Exploit Author: Richard Jones Date: 2021-03-18 Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

AI score: 7.4
Exploits: 0
Exploit DB
added 2020/10/30 12:0 a.m., 658 views

CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting

Exploit Title: CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting Date: 30/10/2020 Exploit Author: Vyshnav NK Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Window...

AI score: 7.4
Exploits: 0
CNVD
added 2020/10/19 12:0 a.m., 2 views

Grocy Cross-Site Scripting Vulnerability

Grocy is a web-based self-hosted grocery and home management solution for families by individual developers. The platform is an ERP system for families written in PHP. A cross-site scripting vulnerability exists in Grocy version 2.7.1 and prior versions. The vulnerability is related to a running...

CVSS: 7.3, AI score: 6.4, EPSS: 0.01232
Exploits: 1, References: 1
Github Security Blog
added 2020/04/22 8:59 p.m., 58 views

Negative charge in shopping cart in Shopizer

Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...

CVSS: 6.5, AI score: 2.9, EPSS: 0.00852
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2020/04/22 8:59 p.m., 23 views

GHSA-W8RC-PGXQ-X2CJ Negative charge in shopping cart in Shopizer

Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00852
Exploits: 0, References: 3
OSV
added 2020/04/16 7:15 p.m., 13 views

CVE-2020-11007

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...

CVSS: 6.5, AI score: 6.4
Exploits: 0, References: 2
OSV
added 2019/03/07 11:29 p.m., 2 views

UBUNTU-CVE-2018-16809

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

CVSS: 9.8, AI score: 7.4, EPSS: 0.02239
Exploits: 1, References: 3
OSV
added 2018/11/04 8:29 p.m., 2 views

DEBIAN-CVE-2018-18928

International Components for Unicode ICU for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString in i18n/numberdecimalquantity.cpp...

CVSS: 9.8, AI score: 9.7, EPSS: 0.02918
Exploits: 0, References: 1
Hacker One
added 2018/09/01 9:51 a.m., 53 views

Zomato: [www.zomato.com] Tampering with Order Quantity and paying less amount then actual amount, leads to business loss

Hi, Team, Like discussed with Prateek I am dropping the report here. Summary: Like the title says using this vulnerability one could order food at negligible price or keep all delivery executives busy. Description: While fuzzing my way through the payment flow on Zomato orders I came across a...

AI score: 7.2
Exploits: 0
Prion
added 2018/08/24 10:29 p.m., 19 views

Design/Logic Flaw

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS: 3.5, AI score: 5.5, EPSS: 0.03121
Exploits: 5, References: 4, Affected Software: 1
OSV
added 2018/08/24 10:29 p.m., 25 views

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS: 5.4, AI score: 5.7
Exploits: 0, References: 4
Hacker One
added 2018/05/26 5:13 p.m., 18 views

Reverb.com: Items bought for free due to lacks of quantity controls

Hi, The server fails to check the quantity of the items that are going to be sell. Values = 0 are accepted as 1. PoC: Go here https://sandbox.reverb.com/fr/item/139897-fender-2-strap-leather-test-2018-leather Intercept the response after clicking "Add to cart" and put "quantity: 0" F302179 Procee...

AI score: 0.3
Exploits: 0
CNVD
added 2018/03/28 12:0 a.m., 3 views

Textpattern CMS 'qty' SQL Injection Vulnerability

Textpattern CMS is an open source content management system CMS developed by the Textpattern team. The system supports creating, editing and publishing content. A SQL injection vulnerability exists in Textpattern CMS 4.6.2 and earlier versions. A remote attacker can use the 'qty' parameter on the...

CVSS: 9.8, AI score: 8, EPSS: 0.06588
Exploits: 5, References: 1
CNVD
added 2018/03/16 12:0 a.m., 1 views

Logic Flaw Vulnerability in YXCMS

YXCMS is an efficient website management system built on PHP+MYSQL. A logic flaw vulnerability exists in YXCMS version 1.4.7, which can be exploited by attackers to perform unauthorized operations, such as modifying the price and quantity of products...

AI score: 6.9
Exploits: 0
Hacker One
added 2018/02/04 2:25 p.m., 66 views

GitLab: Using GitLab to monitor and hijack domains in mass quantity.

Vulnerability Description There is a logic flaw in how GitLab pages can set custom domains that allows an attacker to actively monitor domains and hijack them as soon as they point to 52.167.214.135. GitLab allows setting an unlimited number of domains for a single repository. First, I wrote a...

AI score: 6.3
Exploits: 0
Krebs on Security
added 2017/12/29 3:29 p.m., 40 views

Happy 8th Birthday, KrebsOnSecurity!

Eight years ago today I set aside my Washington Post press badge and became an independent here at KrebsOnSecurity.com. What a wild ride it has been. Thank you all, Dear Readers, for sticking with me and for helping to build a terrific community. This past year KrebsOnSecurity published nearly 16...

AI score: 7
Exploits: 0
Hacker One
added 2017/07/07 7:37 a.m., 39 views

Snapchat: [spectacles.com] Bypassing quantity limit in orders

Hi Snapchat team, In the https://www.spectacles.com the quantity of orders has limited for spectacles is 6 and for accessories is 10 according to help support page. But it can easily be manipulated by editing the URL. Problem originates from limiting the quantity of the items is with just the UI...

Exploits: 0
CNVD
added 2017/07/01 12:0 a.m., 1 views

BBCBuilder e-commerce system has design flaws

BBCbuilder is a new model of b2b2c e-commerce system built by Yuanfeng Company. BBCBuilder e-commerce system has a logical design vulnerability. An attacker can modify the number of products purchased after logging in and then modify the payment amount by grabbing packets...

AI score: 7
Exploits: 0
CNVD
added 2016/10/17 12:0 a.m., 2 views

Logic design flaw vulnerability at DBSHOP_0.9.3_Beta /module/Shopfront/src/Shopfront/Controller/CartController.php

DBShop is an open source e-commerce online store system developed using endFramework. DBSHOP_0.9.3_Beta /module/Shopfront/src/Shopfront/Controller/CartController.php has a logic design flaw vulnerability. When adding an order, it fails to determine the quantity of the product and directly...

AI score: 6.9
Exploits: 0, References: 1