22 matches found
EUVD-2020-16396
Malware in sbrugna...
EUVD-2007-4476
Malware in sbrugna...
idnovate Super User security vulnerability
idnovate Super User is a customer login module for PrestaShop by idnovate. A security vulnerability exists in idnovate Super User version 9.6.0 and earlier, which stems from improper export of the AndroidManifest.xml file component de.idnow...
CVE-2020-23654
NavigateCMS 2.9 is affected by Cross Site Scripting XSS via the module "Shop."...
Object Injection
ezsystems/ezpublish-legacy is vulnerable to Object Injection. The vulnerability is in the Legacy Shop module, which allows an attacker with backend editor privileges to manipulate the discount rule settings...
Ez Platform Object Injection in legacy shop module
This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission...
GHSA-39J2-4P9J-5W4J Ez Platform Object Injection in legacy shop module
This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission...
PT-2024-40043 · Unknown · Legacy Shop Module
Name of the Vulnerable Software and Affected Versions: Legacy shop module affected versions not specified Description: The issue concerns a vulnerability in the Legacy shop module where a backend editor can perform object injection in discount rules. This requires backend access and permission to...
CVE-2024-25847
SQL Injection vulnerability in MyPrestaModules "Product Catalog CSV, Excel Import" simpleimportproduct modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::construct and importProducts::addDataToDb methods...
CVE-2023-45387
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...
CVE-2023-37164
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the catid parameter at /shop/?module=shop&action=search...
IBEXA-SA-2020-006 Object Injection in legacy shop module
More info at https://ezplatform.com/security-advisories/ibexa-sa-2020-006-object-injection-in-legacy-shop-module...
DedeCMS stored xss vulnerability
Vulnerability description: Dedecms is an open source PHP website management system. In the Dedecms member function shopsdelivery. in php, the des parameter has a stored XSS vulnerability that an attacker may exploit to obtain the user's cookie. Test environment: DedeCMS-V5...
lavieunique.com XSS vulnerability
Vulnerable URL: http://lavieunique.com/shop/modules/shop/category.php?cid=2"...
Masir Camp E-Shop Module <= 3.0 (ordercode) SQL Injection Vuln
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Masir Camp E-Shop Module = 3.0 SQL Injection Vendor: www.masir.net Vulnerable Version: 3.0 and prior versions Exploit: Available Impact: Medium Fix: N/A Original Advisory: http://bugreport.ir/index52.htm 1...
phpShop 2.0 - SQL Injection
phpShop 2.0 - SQL Injection Exploit Title : phpshop 2.0 SQL Injection Vulnerability Author : By onestree Software Link : http://code.google.com/p/phpshop/downloads/list tested : windows 7 / ubuntu Dork : inurl:"tanyakan pada rumput yang bergoyang" SQLi p0c: ==================...
CVE-2008-3955
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page...
CVE-2008-3955
The provided connected records contain concrete details for CVE-2008-3955: an SQL injection vulnerability in index.php of Masir Camp E-Shop Module 3.0 and earlier. The flaw is exploitable via the ordercode parameter on the veiworderstatus page, enabling remote attackers to execute arbitrary SQL c...
Design/Logic Flaw
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module...