Lucene search

4 matches found

Cvelist
added 2026/05/15 6:44 p.m. | 34 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

CVSS 8.7 | EPSS 0.00011
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-8854

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.00176
Exploits 0 | References 3
Cvelist
added 2023/08/31 5:33 a.m. | 22 views

CVE-2023-3162 Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

CVSS 9.8 | AI score 9.8 | EPSS 0.00298
Exploits 2 | References 3
seebug.org
added 2013/05/26 12:0 a.m. | 31 views

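ecshop latest version: several user authorization bypass issues (other versions also affected)

Brief description: It lets you help the administrator manage orders and the like, an anonymous good Samaritan~ Detailed description: When the WAP mobile store feature is enabled, a user who is not logged in can operate on other users' orders: view the orders of non-registered users, cancel any user's order, confirm receipt of goods on any user's order, and so on. The vulnerability is in the /mobile/user.php page. 1. Viewing the orders of non-registered users elseif $act == 'orderlist' // /mobile/user.php, from line 49 $recordcount = $db-getOne"SELECT COUNT FROM " .$ecs-table'orderinfo'. " WHERE userid = $SESSION'userid'";...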

AI score 7.1
Exploits 0