CVE-2023-7105 – code-projects E-Commerce Website index_search.php SQL injection
https://notcve.org/view.php?id=CVE-2023-7105
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. Manipulation of the argument search leads to SQL injection. The attack can be launched remotely. • https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%201.md https://vuldb.com/?ctiid.249000 https://vuldb.com/?id.249000 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27330
https://notcve.org/view.php?id=CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. • https://github.com/CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25204
https://notcve.org/view.php?id=CVE-2021-25204
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTML via the subject field to feedback_process.php. • https://github.com/BigTiger2020/E-Commerce-Website/blob/main/E-Commerce%20Website-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25207
https://notcve.org/view.php?id=CVE-2021-25207
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. • https://github.com/BigTiger2020/E-Commerce-Website/blob/main/E-Commerce%20Website%20-upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-25205
https://notcve.org/view.php?id=CVE-2021-25205
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements via the update parameter to empViewUpdate.php. • https://github.com/BigTiger2020/E-Commerce-Website/blob/main/E-Commerce%20Website-sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')