Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e-commerce vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1423
Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
Work System E-commerce Work System E-commerce 3.0.4
Work System E-commerce Work System E-commerce 3.0.41
Work System E-commerce Work System E-commerce 3.0.5
Work System E-commerce Work System E-commerce 3.0.3
1 EDB exploit
6.1
CVSSv3
CVE-2019-0298
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, ...
Sap E-commerce 7.30
Sap E-commerce 7.31
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
6.8
CVSSv3
CVE-2019-0308
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to t...
Sap E-commerce 7.30
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
Sap E-commerce 7.31
NA
CVE-2004-2084
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote malicious users to inject arbitrary web script or HTML via the xSearch parameter.
Jshop E-commerce Jshop Server 1.0.1
Jshop E-commerce Jshop Server 1.0.2
Jshop E-commerce Jshop Server 1.0.3
Jshop E-commerce Jshop Server 1.0.4
Jshop E-commerce Jshop Professional 3.3
Jshop E-commerce Jshop Professional 3.4
Jshop E-commerce Jshop Professional 3.0
Jshop E-commerce Jshop Professional 3.1
Jshop E-commerce Jshop Professional 3.2
Jshop E-commerce Jshop Server 1.1.0
Jshop E-commerce Jshop Server 1.2.0
5.4
CVSSv3
CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
E-commerce Website Project E-commerce Website 1.0
5.4
CVSSv3
CVE-2021-25204
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote malicious users to inject arbitrary web script or HTM via the subject field to feedback_process.php.
E-commerce Website Project E-commerce Website 1.0
9.8
CVSSv3
CVE-2021-25205
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote malicious users to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php .
E-commerce Website Project E-commerce Website 1.0
9.8
CVSSv3
CVE-2021-25207
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows malicious users to execute arbitrary code via the file upload to prodViewUpdate.php.
E-commerce Website Project E-commerce Website 1.0
8.1
CVSSv3
CVE-2023-1505
A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 ...
E-commerce System Project E-commerce System 1.0
8.1
CVSSv3
CVE-2023-1506
A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The compl...
E-commerce System Project E-commerce System 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »