Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e-commerce vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2007-1423
Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
Work System E-commerce Work System E-commerce 3.0.4
Work System E-commerce Work System E-commerce 3.0.41
Work System E-commerce Work System E-commerce 3.0.5
Work System E-commerce Work System E-commerce 3.0.3
1 EDB exploit
4.3
CVSSv2
CVE-2019-0298
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, ...
Sap E-commerce 7.30
Sap E-commerce 7.31
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
3.5
CVSSv2
CVE-2019-0308
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to t...
Sap E-commerce 7.30
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
Sap E-commerce 7.31
4.3
CVSSv2
CVE-2004-2084
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote malicious users to inject arbitrary web script or HTML via the xSearch parameter.
Jshop E-commerce Jshop Server 1.0.1
Jshop E-commerce Jshop Server 1.0.2
Jshop E-commerce Jshop Server 1.0.3
Jshop E-commerce Jshop Server 1.0.4
Jshop E-commerce Jshop Professional 3.3
Jshop E-commerce Jshop Professional 3.4
Jshop E-commerce Jshop Professional 3.0
Jshop E-commerce Jshop Professional 3.1
Jshop E-commerce Jshop Professional 3.2
Jshop E-commerce Jshop Server 1.1.0
Jshop E-commerce Jshop Server 1.2.0
7.5
CVSSv2
CVE-2007-5801
Unspecified vulnerability in WORK system e-commerce prior to 4.0.2 has unknown impact and attack vectors related to "Ajax pages."
Work System E-commerce Work System E-commerce
3.5
CVSSv2
CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
E-commerce Website Project E-commerce Website 1.0
3.5
CVSSv2
CVE-2021-25204
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote malicious users to inject arbitrary web script or HTM via the subject field to feedback_process.php.
E-commerce Website Project E-commerce Website 1.0
7.5
CVSSv2
CVE-2021-25205
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote malicious users to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php .
E-commerce Website Project E-commerce Website 1.0
7.5
CVSSv2
CVE-2021-25207
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows malicious users to execute arbitrary code via the file upload to prodViewUpdate.php.
E-commerce Website Project E-commerce Website 1.0
NA
CVE-2023-1506
A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The compl...
E-commerce System Project E-commerce System 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »