CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12794 – Codezips E-Commerce Site editorder.php sql injection
https://notcve.org/view.php?id=CVE-2024-12794
19 Dec 2024 — A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/laowuzi/cve/blob/main/E-commerce/E-commerce_editorder.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12792 – Codezips E-Commerce Site newadmin.php sql injection
https://notcve.org/view.php?id=CVE-2024-12792
19 Dec 2024 — A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/laowuzi/cve/blob/main/E-commerce/E-commerce-newadmin.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12791 – Codezips E-Commerce Site signin.php sql injection
https://notcve.org/view.php?id=CVE-2024-12791
19 Dec 2024 — A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. • https://github.com/laowuzi/cve/blob/main/E-commerce/E-commerce-signin.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11663 – Codezips E-Commerce Site search.php sql injection
https://notcve.org/view.php?id=CVE-2024-11663
25 Nov 2024 — A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/disinroot/CVE/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5049 – Codezips E-Commerce Site editproduct.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-5049
17 May 2024 — A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/polaris0x1/CVE/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4923 – Codezips E-Commerce Site addproduct.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-4923
16 May 2024 — A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/polaris0x1/CVE/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •