Lucene search
+L

124 matches found

OSV
OSV
added 2019/10/01 8:15 p.m.5 views

CVE-2019-8292

Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...

5.3CVSS6.2AI score0.01886EPSS
Exploits1References5
Prion
Prion
added 2019/10/01 8:15 p.m.17 views

Path traversal

Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...

6.4CVSS7.5AI score0.01407EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2019/10/01 8:15 p.m.17 views

Arbitrary file deletion

Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...

5CVSS5.4AI score0.01886EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2019/10/01 7:53 p.m.21 views

CVE-2019-8291

Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...

7.5AI score0.01407EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/10/01 7:53 p.m.14 views

CVE-2019-8292

Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...

5.4AI score0.01886EPSS
Exploits1References5
CVE
CVE
added 2019/10/01 7:53 p.m.102 views

CVE-2019-8292

The CVE-2019-8292 entry concerns Online Store System v1.0 where delete_product.php fails to verify authentication or administrative privileges, enabling arbitrary product deletion. This is an access control flaw (no authentication checks or admin rights verification) that directly affects the del...

5.3CVSS5.3AI score0.01886EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2019/10/01 12:0 a.m.5 views

PT-2019-18969 · Unknown · Online Store System

Name of the Vulnerable Software and Affected Versions: Online Store System version 1.0 Description: The issue concerns the delete product.php file in the Online Store System, which fails to verify if a user is authenticated or has administrative rights. This oversight allows for arbitrary product...

5.3CVSS5.4AI score0.01886EPSS
Exploits1References6
CNVD
CNVD
added 2018/06/13 12:0 a.m.2 views

Online Store System CMS SQL Injection Vulnerability

Online Store System CMS is an online management system. A SQL injection vulnerability exists in Online Store System CMS, which can be exploited by an attacker to execute arbitrary SQL commands...

8.5AI score
Exploits0References1
exploitpack
exploitpack
added 2018/05/23 12:0 a.m.45 views

Online Store System CMS 1.0 - SQL Injection

Online Store System CMS 1.0 - SQL Injection Exploit Title: Online Store System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3 Version:...

Exploits0
CNVD
CNVD
added 2018/05/16 12:0 a.m.2 views

SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-Store System (CNVD-2018-09894)

UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS Cloud Business B2B2C Multi-store System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/05/02 12:0 a.m.3 views

SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System Version V1.3.2_20180309

UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system goodsact.class page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2018/04/17 12:0 a.m.3 views

SQL injection vulnerability in category.class.php page of UQCMS Cloud B2B2C multi-store system

UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system category.class.php page SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2018/04/17 12:0 a.m.4 views

SQL injection vulnerability in admin.class.php page of UQCMS Cloud B2B2C multi-store system

UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system admin.class.php page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2018/03/06 12:0 a.m.3 views

SQL injection vulnerability in user.mod.php file of UQCMS Cloud B2B2C multi-store system

UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS Cloud Business B2B2C multi-store system user.mod.php file has a SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...

7.9AI score
Exploits0
CNVD
CNVD
added 2017/12/28 12:0 a.m.3 views

SQL Injection Vulnerability in the delProgram Method of the ChaseGrid WeChat Small Program App Store System

Chasing the grid WeChat small program application store system is a free open source small program store system developed by Chasing the grid technology. The delProgram method of the ChaseGrid WeChat applet store system suffers from a SQL injection vulnerability. Attackers can use the vulnerabili...

7.9AI score
Exploits0
CNVD
CNVD
added 2017/12/21 12:0 a.m.3 views

SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System

UQCMS cloud business system is a B2B2C e-commerce software that the program uses PHP+MYSQL and the template uses smarty template. A SQL injection vulnerability exists in UQCMS Cloud Business B2B2C Multi-Store System due to the program failing to adequately filter user-supplied input. An attacker...

7.6AI score
Exploits0
CNVD
CNVD
added 2017/12/21 12:0 a.m.5 views

SQL injection vulnerability in the api.class.php page of UQCMS Cloud Business B2B2C Multi-store System

UQCMS cloud business system is a B2B2C e-commerce software with the program using PHP+MYSQL and the template using smarty template. A SQL injection vulnerability exists in the api.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System due to the program's failure to adequately filter...

7.6AI score
Exploits0
CNVD
CNVD
added 2017/12/12 12:0 a.m.4 views

SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System member.class.php Page

B2B2C multi-store system is a B2B2C e-commerce software with PHP+MYSQL program and smarty template. A SQL injection vulnerability exists in the member.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the program not adequately filtering user-suppli...

7.9AI score
Exploits0
CNVD
CNVD
added 2017/12/12 12:0 a.m.4 views

SQL injection vulnerability in UQCMS cloud merchant B2B2C multi-store system plug.class.php page

B2B2C multi-store system is a B2B2C e-commerce software with PHP+MYSQL program and smarty template. A SQL injection vulnerability exists in the plug.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the fact that the program does not adequately filt...

7.9AI score
Exploits0
CNVD
CNVD
added 2017/12/12 12:0 a.m.4 views

SQL injection vulnerability in category.class.php page of UQCMS Cloud B2B2C multi-store system

B2B2C multi-store system is a B2B2C e-commerce software with PHP+MYSQL program and smarty template. A SQL injection vulnerability exists in the category.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the program not adequately filtering...

7.9AI score
Exploits0
Rows per page
Query Builder