124 matches found
CVE-2019-8292
Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...
Path traversal
Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...
Arbitrary file deletion
Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...
CVE-2019-8291
Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...
CVE-2019-8292
Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...
CVE-2019-8292
The CVE-2019-8292 entry concerns Online Store System v1.0 where delete_product.php fails to verify authentication or administrative privileges, enabling arbitrary product deletion. This is an access control flaw (no authentication checks or admin rights verification) that directly affects the del...
PT-2019-18969 · Unknown · Online Store System
Name of the Vulnerable Software and Affected Versions: Online Store System version 1.0 Description: The issue concerns the delete product.php file in the Online Store System, which fails to verify if a user is authenticated or has administrative rights. This oversight allows for arbitrary product...
Online Store System CMS SQL Injection Vulnerability
Online Store System CMS is an online management system. A SQL injection vulnerability exists in Online Store System CMS, which can be exploited by an attacker to execute arbitrary SQL commands...
Online Store System CMS 1.0 - SQL Injection
Online Store System CMS 1.0 - SQL Injection Exploit Title: Online Store System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3 Version:...
SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-Store System (CNVD-2018-09894)
UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS Cloud Business B2B2C Multi-store System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System Version V1.3.2_20180309
UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system goodsact.class page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...
SQL injection vulnerability in category.class.php page of UQCMS Cloud B2B2C multi-store system
UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system category.class.php page SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...
SQL injection vulnerability in admin.class.php page of UQCMS Cloud B2B2C multi-store system
UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system admin.class.php page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...
SQL injection vulnerability in user.mod.php file of UQCMS Cloud B2B2C multi-store system
UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS Cloud Business B2B2C multi-store system user.mod.php file has a SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in the delProgram Method of the ChaseGrid WeChat Small Program App Store System
Chasing the grid WeChat small program application store system is a free open source small program store system developed by Chasing the grid technology. The delProgram method of the ChaseGrid WeChat applet store system suffers from a SQL injection vulnerability. Attackers can use the vulnerabili...
SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System
UQCMS cloud business system is a B2B2C e-commerce software that the program uses PHP+MYSQL and the template uses smarty template. A SQL injection vulnerability exists in UQCMS Cloud Business B2B2C Multi-Store System due to the program failing to adequately filter user-supplied input. An attacker...
SQL injection vulnerability in the api.class.php page of UQCMS Cloud Business B2B2C Multi-store System
UQCMS cloud business system is a B2B2C e-commerce software with the program using PHP+MYSQL and the template using smarty template. A SQL injection vulnerability exists in the api.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System due to the program's failure to adequately filter...
SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System member.class.php Page
B2B2C multi-store system is a B2B2C e-commerce software with PHP+MYSQL program and smarty template. A SQL injection vulnerability exists in the member.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the program not adequately filtering user-suppli...
SQL injection vulnerability in UQCMS cloud merchant B2B2C multi-store system plug.class.php page
B2B2C multi-store system is a B2B2C e-commerce software with PHP+MYSQL program and smarty template. A SQL injection vulnerability exists in the plug.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the fact that the program does not adequately filt...
SQL injection vulnerability in category.class.php page of UQCMS Cloud B2B2C multi-store system
B2B2C multi-store system is a B2B2C e-commerce software with PHP+MYSQL program and smarty template. A SQL injection vulnerability exists in the category.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the program not adequately filtering...