17 matches found

EUVD
added 2026/04/05 9:30 p.m. | 3 views

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00027
Exploits: 1 | References: 4
NVD
added 2026/04/05 9:16 p.m. | 1 views

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVSS 8.8 | EPSS 0.00027
Exploits: 1 | References: 3
CVE
added 2026/04/05 8:45 p.m. | 2 views

CVE-2019-25672

PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...

CVSS 8.8 | AI score 6.1 | EPSS 0.00027
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/04/05 8:45 p.m. | 17 views

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVSS 8.8 | EPSS 0.00027
Exploits: 1 | References: 3
Vulnrichment
added 2026/04/05 8:45 p.m. | 1 views

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00027
Exploits: 1 | References: 3
CNNVD
added 2026/04/05 12:0 a.m. | 6 views

PilusCart SQL injection vulnerability

PilusCart is an online store management system based on PHP and MySQL. Version 1.4.1 of PilusCart has a SQL injection vulnerability. This vulnerability stems from the send parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

CVSS 8.8 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 3
RedhatCVE
added 2026/03/10 2:8 p.m. | 7 views

CVE-2025-40639

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVSS 9.8 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 1
EUVD
added 2026/03/09 12:31 p.m. | 0 views

EUVD-2025-208400

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVSS 8.7 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 2
Cvelist
added 2026/03/09 9:31 a.m. | 26 views

CVE-2025-40639 SQL injection in Eventobot

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVSS 8.7 | EPSS 0.00017
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/09 12:0 a.m. | 1 views

PT-2026-24051

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo send' parameter in the '/assets/php/calculate discount.php'...

CVSS 8.7 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 2
CNNVD
added 2026/03/09 12:0 a.m. | 2 views

Eventobot SQL injection vulnerability

Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a SQL injection vulnerability, which stems from insufficient cleaning and escaping of the promosend parameter. This vulnerability may lead to SQL injection attacks...

CVSS 9.8 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2
Snyk
added 2026/01/12 5:21 p.m. | 1 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the searchsend parameter, which is dynamically invoked using the send method. An attacker can execute arbitrary commands on the server by supplying crafted input to this parameter. Remediation: Upgrade spree ...

CVSS 10 | AI score 7.9 | EPSS 0.6931
Exploits: 1 | References: 2
RedhatCVE
added 2025/08/15 9:29 p.m. | 2 views

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 | AI score 8.3 | EPSS 0.6931
Exploits: 1 | References: 1
OSV
added 2025/08/13 9:30 p.m. | 1 views

GHSA-97VM-C39P-JR86 Spree has Remote Command Execution vulnerability in search functionality

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 | AI score 7.9 | EPSS 0.6931
Exploits: 1 | References: 8
Cvelist
added 2025/08/13 8:53 p.m. | 4 views

CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 | EPSS 0.6931
Exploits: 1 | References: 5
NVD
added 2005/05/02 4:0 a.m. | 8 views

CVE-2005-0981

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter...

CVSS 4.3 | AI score 5.8 | EPSS 0.04173
Exploits: 1 | References: 3
Cvelist
added 2005/04/05 4:0 a.m. | 11 views

CVE-2005-0981

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter...

AI score 5.8 | EPSS 0.04173
Exploits: 1 | References: 3