122 matches found
CVE-2022-2746
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigne...
CVE-2019-8291
Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...
CVE-2019-8292
Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...
CVE-2025-4472
A vulnerability was found in code-projects Departmental Store Management System 1.0. It has been classified as critical. Affected is the function bill. The manipulation of the argument Item Code leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The explo...
PT-2024-38669 · Unknown · Tosei Online Store Management System
Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System versions 4.02 through 4.04 Description: A critical vulnerability was found in the Backend component of the system, allowing for the use of default credentials. The attack can be initiated remotely. The...
CVE-2024-6951
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admindelete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The explo...
CVE-2024-6951 SourceCodester Simple Online Book Store System admin_delete.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admindelete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The explo...
CVE-2024-6951 SourceCodester Simple Online Book Store System admin_delete.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admindelete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The explo...
PT-2024-37990 · Sourcecodester · Sourcecodester Simple Online Book Store System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Book Store System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file admin delete.php. The manipulation of the bookisbn argument leads to SQL injection. It is...
CVE-2023-49540
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter...
CVE-2023-49543
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating...
Book Store Management System Security Vulnerability
Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0, which originates from a cross-site scripting vulnerability in the /bsmsci/index.php/history file...
CVE-2023-3989
A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...
Cross site scripting
A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...
CVE-2023-3989 SourceCodester Jewelry Store System add_customer.php cross site scripting
A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...
CVE-2023-3989
CVE-2023-3989 affects SourceCodester Jewelry Store System 1.0, specifically the add_customer.php functionality. Multiple sources describe a cross-site scripting (XSS) flaw in an unknown function of that file, with remote exploitation possible. Documented impact indicates only user interaction is ...
Microweber Information Disclosure Vulnerability (CNVD-2023-32768)
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images and more. A security vulnerability exists in Microweber versions prior to 1.3.4, which stems from...
Microweber 跨站脚本漏洞
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 1.3.3 that...
CVE-2023-23024
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter...
CVE-2022-45215
A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module...