E Commerce
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The affected element is the Delete/Update function of the Product Management Module component. [CVSS 5.4 MEDIUM]
Detronetdip E-commerce 1.0.0 contains an authentication bypass vulnerability in the seller account creation endpoint that allows unauthenticated remote attackers to manipulate the email parameter and gain unauthorized access. The vulnerability affects PHP-based e-commerce installations and has public exploit code available, though no patch is currently available from the vendor.
Unrestricted file upload in detronetdip E-commerce 1.0.0 via the /seller/assets/backend/profile/addadhar.php endpoint allows unauthenticated remote attackers to upload arbitrary files. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification.
A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). Rated medium severity (CVSS 5.4), the vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available, and no vendor patch is available.