CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4674 – SQLi in Yazteks E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-4674
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Yaztek Software Technologies and Computer Systems E-Commerce Software. El software de comercio electrónico permite la inyección de SQL. Este problema afecta a E-Commerce Software: hasta 20231229. NOTA: Se contactó primeramente al proveedor sobre esta divulgación, pero no respondió de nignuna forma. • https://www.usom.gov.tr/bildirim/tr-23-0741 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10017 – Welcart e-Commerce <= 2.9.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-10017
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. Múltiples vulnerabilidades de inyección SQL en el plugin Welcart e-Commerce 1.3.12 para WordPress permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) changeSort o (2) switch en la página usces_itemedit en wp-admin/admin.php. The Welcart e-Commerce for WordPress is vulnerable to SQL Injection via the ‘changeSort’ and 'switch' parameters in versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. *New versions than 2.6.10 may still be vulnerable. • http://packetstormsecurity.com/files/125513 http://www.securityfocus.com/bid/65954 https://exchange.xforce.ibmcloud.com/vulnerabilities/91542 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10016 – Welcart e-Commerce <= 1.3.12 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-10016
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de XSS en el plugin Welcart e-Commerce 1.3.12 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) vectores no especificados relacionados con purchase_limit o del parámetro (2) name, (3) intl, (4) nocod, o (5) time en una acción add_delivery_method en wp-admin/admin-ajax.php. • http://packetstormsecurity.com/files/125513 http://secunia.com/advisories/57222 http://www.securityfocus.com/bid/65954 https://exchange.xforce.ibmcloud.com/vulnerabilities/91541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •