CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4674 – SQLi in Yazteks E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-4674
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Yaztek Software Technologies and Computer Systems E-Commerce Software. El software de comercio electrónico permite la inyección de SQL. Este problema afecta a E-Commerce Software: hasta 20231229. NOTA: Se contactó primeramente al proveedor sobre esta divulgación, pero no respondió de nignuna forma. • https://www.usom.gov.tr/bildirim/tr-23-0741 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3898 – SQLi in mAyaNets E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3898
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1. • https://www.usom.gov.tr/bildirim/tr-23-0440 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2001-0614 – Pacific Software Carello 1.2.1 Shopping Cart - Command Execution
https://notcve.org/view.php?id=CVE-2001-0614
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. • https://www.exploit-db.com/exploits/20850 http://marc.info/?l=bugtraq&m=98991352402073&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/6532 •