CVE-2024-10743 – PHPGurukul Online Shopping Portal editable_ajax.php cross-site scripting
https://notcve.org/view.php?id=CVE-2024-10743
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. The manipulation of the argument value leads to cross-site scripting. It is possible to launch the attack remotely. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(editable_ajax.php).md https://phpgurukul.com https://vuldb.com/?ctiid.282912 https://vuldb.com/?id.282912 https://vuldb.com/?submit.436060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9326 – PHPGurukul Online Shopping Portal Admin Panel index.php SQL injection
https://notcve.org/view.php?id=CVE-2024-9326
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://hackmd.io/@SeaWind/ryBv7CGCR https://phpgurukul.com https://vuldb.com/?ctiid.278830 https://vuldb.com/?id.278830 https://vuldb.com/?submit.414058 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-38890
https://notcve.org/view.php?id=CVE-2023-38890
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. • https://github.com/akshadjoshi/CVE-2023-38890 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-37772
https://notcve.org/view.php?id=CVE-2023-37772
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. • https://github.com/anky-123/CVE-2023-37772 http://phpgurukul.com/shopping-portal-free-download https://github.com/anky-123/CVE-2023-37772/blob/main/CVE-2 https://phpgurukul.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3605 – PHPGurukul Online Shopping Portal Registration Page excessive authentication
https://notcve.org/view.php?id=CVE-2023-3605
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. • https://vuldb.com/?ctiid.233467 https://vuldb.com/?id.233467 • CWE-307: Improper Restriction of Excessive Authentication Attempts