3450 matches found
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...
PuneethReddyHC action.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input. id: CVE-2021-41648 info: name: PuneethReddyHC action.php SQL Injection author: daffainfo severity: high descriptio...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-48868
The CVE-2026-48868 entry concerns the WordPress WordPress Simple Shopping Cart plugin (versions
EUVD-2026-36847
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-48868 WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
PT-2026-49477
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-8131
A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...
CVE-2026-8129
A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...
CVE-2026-8130
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...
CVE-2026-35489
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...
WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin Simple Shopping Cart versions = 5.2.9...
CVE-2026-9377
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-9377 SourceCodester SUP Online Shopping productedit.php cross site scripting
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-9377 SourceCodester SUP Online Shopping productedit.php cross site scripting
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-9377
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-9377
SourceCodester SUP Online Shopping 1.0 contains a cross-site scripting (XSS) vulnerability in the admin/productedit.php file. The vulnerability is triggered by manipulating the productName argument, enabling remote attack. The description indicates an exploitable issue with the productedit.php fu...
EUVD-2026-31589
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
SourceCodester SUP Online Shopping 代码注入漏洞
SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a code injection vulnerability. This vulnerability arises from improper handling of the productName parameter in the file...
Astra Linux - уязвимость в chromium
Using “after free” in the Shopping Cart in Google Chrome before version 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption through standard feature user interactions...