7 matches found
CVE-2024-12884
CVE-2024-12884 affects Codezips E-Commerce Website 1.0. The vulnerability is an SQL injection in login.php triggered by manipulating the email parameter, allowing remote exploitation. Multiple connected sources corroborate the issue and describe it as critical, with exploitation disc...
CVE-2024-11663
Codezips E-Commerce Site 1.0 (search.php) is affected. The root cause is manipulation of the keywords argument, leading to an SQL injection vulnerability. The issue can be exploited remotely and has been publicly disclosed. Affected components: the search.php functionality; the vulnerability impa...
CVE-2024-12792
CVE-2024-12792 affects Codezips E-Commerce Site 1.0. The vulnerability is an SQL injection in the parameter email of the file newadmin.php, enabling remote exploitation. Multiple connected sources corroborate the issue and indicate exploitation has been disclosed publicly. The CVE is characterize...
CVE-2024-5049
CVE-2024-5049 affects Codezips E-Commerce Site 1.0. The vulnerability is in admin/editproduct.php where manipulating the profilepic parameter leads to unrestricted file upload, enabling remote abuse. The issue is tied to unknown functionality in the editproduct.php handling of profilepic, enablin...
CVE-2024-12794
CVE-2024-12794 affects Codezips E-Commerce Site 1.0, specifically the /admin/editorder.php file. The vulnerability arises from manipulating the dstatus/quantity/ddate parameters, leading to SQL injection. Evidence across multiple sources confirms remote feasibility and public disclosure, indicatin...
CVE-2024-4923
Codezips E-Commerce Site 1.0 contains a vulnerability in admin/addproduct.php where manipulation of the profilepic parameter enables unrestricted file upload. This can be exploited remotely, and public exploit information exists. Impact per available data includes high confidentiality, integrity,...
CVE-2024-12791
Codezips E-Commerce Site 1.0 has an SQL injection in signin.php via the email parameter. Multiple connected sources confirm remote exploitation and disclosure. The issue affects signin.php processing and can be triggered without authentication. Some entries cite a critical rating; others list gene...