CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4674 – SQLi in Yazteks E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-4674
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Yaztek Software Technologies and Computer Systems E-Commerce Software. El software de comercio electrónico permite la inyección de SQL. Este problema afecta a E-Commerce Software: hasta 20231229. NOTA: Se contactó primeramente al proveedor sobre esta divulgación, pero no respondió de nignuna forma. • https://www.usom.gov.tr/bildirim/tr-23-0741 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3898 – SQLi in mAyaNets E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3898
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1. • https://www.usom.gov.tr/bildirim/tr-23-0440 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0308
https://notcve.org/view.php?id=CVE-2019-0308
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection. Un atacante identificado en SAP E-Commerce (Business-to-Consumer application) versiones 7.3, 7.31, 7.32, 7.33, 7.54 pueden cambiar el precio del producto a cero y además pagar inyectando un código HTML en la aplicación que será ejecutada en cualquier lugar que está la víctima se conecte en la aplicación o incluso en una máquina diferente, lo que conlleva a un código de inyección • https://launchpad.support.sap.com/#/notes/2773493 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0298
https://notcve.org/view.php?id=CVE-2019-0298
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54. La aplicación SAP E-Commerce Business-to-Consumer) no codifica las entradas controladas por el usuario suficientemente, generando un vulnerabilidad en Cross-Site Scripting (XSS). Se corrigió en los siguientes componentes SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versiones 7.30, 7.31, 7.32, 7.33, 7.54. • http://www.securityfocus.com/bid/108314 https://launchpad.support.sap.com/#/notes/2773086 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10017 – Welcart e-Commerce <= 2.9.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-10017
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. Múltiples vulnerabilidades de inyección SQL en el plugin Welcart e-Commerce 1.3.12 para WordPress permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) changeSort o (2) switch en la página usces_itemedit en wp-admin/admin.php. The Welcart e-Commerce for WordPress is vulnerable to SQL Injection via the ‘changeSort’ and 'switch' parameters in versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. *New versions than 2.6.10 may still be vulnerable. • http://packetstormsecurity.com/files/125513 http://www.securityfocus.com/bid/65954 https://exchange.xforce.ibmcloud.com/vulnerabilities/91542 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •