8 matches found
CVE-2018-25397 PHP-SHOP 1.0 Cross-Site Request Forgery via users.php
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...
EUVD-2018-21919
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...
SQL Injection Vulnerability in Golden Shop Worry Free Intelligent Shop Management System
Shenzhen to soft information technology limited company is committed to the research and development of the gold store worry-free jewelry snack store management software series, to meet the needs of various types of jewelry retail store management software. Worry-free intelligent store management system SQL...
xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control Vulnerability
xt:Commerce version 5.4.1, 6.2.1, and 6.2.2 suffer from an improper access control vulnerability. A logged-in customer can create and alter addresses. These addresses are referenced by incrementing IDs. On saving an address, an attacker could change the ID of the address to write the data to. If...
shop.software-partner.de XSS vulnerability
Open Bug Bounty ID: OBB-521776

Description | Value
---|---
Affected Website: | shop.software-partner.de
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A...
SQL injection in Bigware shop software
The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...
CVE-2007-3937
CVE-2007-3937 concerns Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier. The available sources indicate that unsanitized inputs in the application allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected software: A-shop (version 0.70 and earlier...
File viewing in Web-Portal-System 0.7.0
Hello, Zaraza. I found a vulnerability in Web-Portal-System 0.7.0: in the wpsshop.cgi script, the art parameter allows viewing arbitrary files on the server. Exploit: wpsshop.cgi?action=showartikel&cat=kategorie1&art=../../../../../../../../etc/passwd Example:...