e-commerce vulnerabilities and exploits
9.3
CVSSv2
CVE-2007-1423
Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
Work System E-commerce Work System E-commerce 3.0.4
Work System E-commerce Work System E-commerce 3.0.41
Work System E-commerce Work System E-commerce 3.0.5
Work System E-commerce Work System E-commerce 3.0.3
1 EDB exploit
3.5
CVSSv2
CVE-2019-0308
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to t...
Sap E-commerce 7.30
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
Sap E-commerce 7.31
4.3
CVSSv2
CVE-2019-0298
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, ...
Sap E-commerce 7.30
Sap E-commerce 7.31
Sap E-commerce 7.32
Sap E-commerce 7.33
Sap E-commerce 7.54
4.3
CVSSv2
CVE-2004-2084
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote malicious users to inject arbitrary web script or HTML via the xSearch parameter.
Jshop E-commerce Jshop Server 1.0.1
Jshop E-commerce Jshop Server 1.0.2
Jshop E-commerce Jshop Server 1.0.3
Jshop E-commerce Jshop Server 1.0.4
Jshop E-commerce Jshop Professional 3.3
Jshop E-commerce Jshop Professional 3.4
Jshop E-commerce Jshop Professional 3.0
Jshop E-commerce Jshop Professional 3.1
Jshop E-commerce Jshop Professional 3.2
Jshop E-commerce Jshop Server 1.1.0
Jshop E-commerce Jshop Server 1.2.0
NA
CVE-2023-1507
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the ar...
E-commerce System Project E-commerce System 1.0
NA
CVE-2023-1569
A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument U_NAME with the input <script>alert(...
E-commerce System Project E-commerce System 1.0
7.5
CVSSv2
CVE-2007-6292
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Mwopen E-commerce 0
Mwopen E-commerce 1.4
1 EDB exploit
NA
CVE-2023-1557
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument ...
E-commerce System Project E-commerce System 1.0
7.5
CVSSv2
CVE-2007-5801
Unspecified vulnerability in WORK system e-commerce prior to 4.0.2 has unknown impact and attack vectors related to "Ajax pages."
Work System E-commerce Work System E-commerce
3.5
CVSSv2
CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
E-commerce Website Project E-commerce Website 1.0