CVE-2023-0997 – SourceCodester Moosikay E-Commerce System POST Parameter order.php sql injection
https://notcve.org/view.php?id=CVE-2023-0997
A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. • https://github.com/jidle123/bug_report/blob/main/vendors/razormist/Moosikay%20-%20E-Commerce%20System/SQLi-1.md https://vuldb.com/?ctiid.221732 https://vuldb.com/?id.221732 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-2682 – SourceCodester Alphaware Simple E-Commerce System stockin.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-2682
A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '"><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/895515845/Alphaware-E-Commerce-System/blob/main/Alphaware_xss.md https://vuldb.com/?id.205670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2678 – SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2678
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/895515845/Alphaware-E-Commerce-System/blob/main/Alphaware_file.md https://vuldb.com/?id.205666 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-21139
https://notcve.org/view.php?id=CVE-2020-21139
EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. Se ha detectado que EC Cloud E-Commerce System versión v1.3, contiene una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) que permite a atacantes añadir arbitrariamente cuentas de administrador por medio de /admin.html?do=user&act=add • https://github.com/Ryan0lb/EC-cloud-e-commerce-system-CVE-application/blob/master/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •