Data Manipulation

Prestashop tshirtecommerce SQL injection | CVE-2023-27637

NAME: Prestashop tshirtecommerce SQL injection
Platforms Affected: Paradox IPR512
Risk Level: 6.5
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: Prestashop tshirtecommerce module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to designer.php script using the product_id…

Pacsrapor cross-site scripting | CVE-2023-1153

NAME: Pacsrapor cross-site scripting
Platforms Affected: Pacsrapor Pacsrapor 1.22
Risk Level: 6.5
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: Pacsrapor is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add,…

Prestashop tshirtecommerce SQL injection | CVE-2023-27638

NAME: Prestashop tshirtecommerce SQL injection
Platforms Affected: Paradox IPR512
Risk Level: 6.5
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: Prestashop tshirtecommerce module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to function hookActionCartSave and updateCustomizationTable using…

DataGear SQL injection | CVE-2023-1571

NAME: DataGear SQL injection
Platforms Affected:
Risk Level: 6.3
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: DataGear is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the /analysisProject/pagingQueryData endpoint using the queryOrder parameter, which…

novel-plus SQL injection | CVE-2023-1595

NAME: novel-plus SQL injection
Platforms Affected:
Risk Level: 4.7
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: novel-plus is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the common/log/list endpoint using the sort and order…

novel-plus SQL injection | CVE-2023-1594

NAME: novel-plus SQL injection
Platforms Affected:
Risk Level: 7.3
Exploitability: Unproven
Consequences: Data Manipulation
DESCRIPTION: novel-plus is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the MenuService function in the sys/menu/list endpoint, which could…

REBUILD SQL injection | CVE-2023-1495

NAME: REBUILD SQL injection
Platforms Affected:
Risk Level: 6.3
Exploitability: Unproven
Consequences: Data Manipulation
DESCRIPTION: REBUILD is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the queryListOfConfig function in the /admin/robot/approval/list endpoint, which…

IBOS SQL injection | CVE-2023-1494

NAME: IBOS SQL injection
Platforms Affected:
Risk Level: 6.3
Exploitability: Unproven
Consequences: Data Manipulation
DESCRIPTION: IBOS is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the ApiController.php script using the emailids parameter, which…

Simple Art Gallery SQL injection | CVE-2023-1499

NAME: Simple Art Gallery SQL injection
Platforms Affected:
Risk Level: 6.3
Exploitability: Unproven
Consequences: Data Manipulation
DESCRIPTION: Simple Art Gallery is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the adminHome.php script using…