20 matches found
CVE-2026-7296
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...
CVE-2026-7266
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...
CVE-2026-7266
SourceCodester Pizzafy Ecommerce System 1.0 is affected by a SQL injection in the admin/ajax.php?action=save_order function via the ID parameter. The vulnerability can be exploited remotely and publicly; exploitation is noted as PROOF-OF-CONCEPT. Impact is described as low for confidentiality, in...
EUVD-2026-26032
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...
CVE-2026-7266 SourceCodester Pizzafy Ecommerce System ajax.php save_order sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...
CVE-2026-7266 SourceCodester Pizzafy Ecommerce System ajax.php save_order sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...
CVE-2026-7266
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...
SourceCodester Pizzafy Ecommerce System 注入漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which stems from the saveorder function in the admin/ajax.php?action=saveorder file,...
SourceCodester Pizzafy Ecommerce System 跨站脚本漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a cross-site scripting vulnerability. This vulnerability arises from the saveorder function in the file...
PT-2026-35710
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save order of the file /admin/ajax.php?action=save order. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public...
PT-2026-35822
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save order of the file /admin/ajax.php?action=save order. Performing a manipulation of the argument first name results in cross site scripting. Remote exploitation of the attack is possible. The...
Simple Shopping Cart save_order.php File SQL Injection Vulnerability
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter orderprice in the file /Customers/saveorder.php. An attacker can exploit this...
Code-Projects Simple Shopping Cart 注入漏洞
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter orderprice in the file /Customers/saveorder.php. An attacker can exploit this...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the /admin-api/system/adminmenus/saveorder endpoint. An attacker can manipulate the SQL queries and access or modify data in the database by injecting malicious SQL commands. Remediation Upgrade slowlyo/owl-admin t...
CVE-2025-28057
owl-admin v3.2.2 to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/adminmenus/saveorder...
CVE-2025-28057
owl-admin v3.2.2 to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/adminmenus/saveorder...
Owl Admin 安全漏洞
Owl Admin is a fast and flexible backend framework from Owl Admin. A security vulnerability exists in Owl Admin v3.2.2 through v4.10.2, which stems from an SQL injection in /admin-api/system/adminmenus/saveorder...
CVE-2023-0719
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavesortorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
Floating Social Bar 1.1.5 XSS
Everyone can access saveorder. File: floating-social-bar\class-floating-social-bar.php addaction 'wpajaxfsbsaveorder', array $this, 'saveorder' ; addaction 'wpajaxnoprivfsbsaveorder', array $this, 'saveorder' ; $REQUEST'items' is not escaped. File: floating-social-bar\class-floating-social-bar.ph...
WordPress Floating Social Bar Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in the 'saveorder' function in the class-floating-social-bar.php script in versions of the...