E Commerce Website
Monthly
Authorization bypass in Akilli Commerce E-Commerce Website before 4.5.001 allows remote unauthenticated attackers to hijack user sessions through user-controlled key manipulation. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. Turkish national CERT (TR-CERT) published an advisory, indicating regional significance. No public exploit code or CISA KEV listing identified at time of analysis, but the CVSS 9.8 Critical rating and network-accessible, unauthenticated attack vector suggest this is highly exploitable if the platform is internet-facing.
Remote unauthenticated SQL injection in Akilli Commerce Software Technologies E-Commerce Website before version 4.5.001 allows complete database compromise without authentication. The vulnerability permits blind SQL injection attacks with network-level access and low complexity (CVSS:3.1 AV:N/AC:L/PR:N/UI:N), achieving full confidentiality, integrity, and availability impact (9.8 critical severity). TR-CERT (Turkish national CERT) published this advisory, indicating regional significance for Turkish e-commerce deployments. No public exploit identified at time of analysis, with EPSS risk data and CISA KEV status unavailable for initial assessment.
SQL injection in Akilli Commerce E-Commerce Website versions before 4.5.001 allows remote unauthenticated attackers to execute arbitrary SQL commands with complete database access. The vulnerability permits extraction of sensitive customer and transaction data, modification of product catalogs and pricing, and potential complete system compromise. CVSS score of 9.8 (Critical) reflects network-accessible exploitation requiring no authentication or user interaction, though no active exploitation has been reported in CISA KEV and EPSS data is not available.
Stored cross-site scripting (XSS) in code-projects E-Commerce Website 1.0 allows remote attackers to inject malicious scripts via the supp_name or supp_address parameters in /pages/supplier_update.php. Exploitation requires user interaction (clicking a malicious link) but no authentication. Publicly available exploit code exists; real-world exploitation risk is low (EPSS 0.04%, CVSS 2.1) due to limited scope and required user interaction, but the vulnerability is disclosed and weaponizable.
Reflected cross-site scripting (XSS) in code-projects E-Commerce Website 1.0 allows remote attackers to inject malicious scripts via the prod_name, prod_desc, or prod_cost parameters in /pages/product_add.php. The vulnerability requires user interaction (UI:P per CVSS 4.0) but can be exploited remotely without authentication. Publicly available exploit code exists, though EPSS scoring (0.04%, percentile 11%) indicates low real-world exploitation probability despite public POC availability.
Reflected cross-site scripting (XSS) in code-projects E-Commerce Website 1.0 allows remote attackers to inject malicious scripts via the supp_name and supp_address parameters in /pages/supplier_add.php. The vulnerability requires user interaction (clicking a crafted link) but enables session hijacking, credential theft, and malware distribution. Publicly available exploit code exists; however, the EPSS score of 0.04% (11th percentile) indicates exploitation remains uncommon despite disclosure, likely due to limited deployment of this niche e-commerce platform.
SQL injection in code-projects E-Commerce Website 1.0 allows authenticated remote attackers to manipulate the prod_id parameter in /pages/product_add_qty.php, potentially leading to unauthorized database access or data disclosure. The vulnerability has a CVSS score of 2.1 with low impact across confidentiality, integrity, and availability, but public exploit code exists and may lower the exploitation barrier despite the requirement for prior authentication.
A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Manipulation of the argument order_id can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Manipulation of the argument Search results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/supplier_update.php. Manipulation of the argument supp_id causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized.
SQL injection in E-Commerce Website 1.0 allows authenticated remote attackers to manipulate the supp_email parameter in /pages/supplier_add.php, achieving limited information disclosure and integrity violation. The vulnerability requires login credentials (PR:L in CVSS 4.0 vector) but can be exploited over the network with low complexity. Publicly available exploit code exists, though EPSS scoring (0.03%) suggests minimal real-world exploitation despite proof-of-concept availability.
SQL injection in E-Commerce Website 1.0 allows authenticated remote attackers to manipulate the prod_name parameter in /pages/product_add.php, leading to limited confidentiality, integrity, and availability impact. The vulnerability has low real-world risk despite public exploit availability due to low EPSS score (0.03%, 8th percentile) and requirement for prior authentication, suggesting exploitation is unlikely in typical deployments.
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/edit_order_details.php. Manipulation of the argument order_id results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used.