Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    18 vulnerabilities by bijiadao

    CVE-2018-18261 (GCVE-0-2018-18261)

    Vulnerability from cvelistv5 – Published: 2019-04-14 17:12 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/7 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:20.412Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-14T17:12:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/7",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18261",
        "datePublished": "2019-04-14T17:12:13.000Z",
        "dateReserved": "2018-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:20.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7585 (GCVE-0-2019-7585)

    Vulnerability from cvelistv5 – Published: 2019-02-07 18:00 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-02-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public\u0026a=checkemail URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-07T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-7585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public\u0026a=checkemail URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/11",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-7585",
        "datePublished": "2019-02-07T18:00:00.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:28.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7567 (GCVE-0-2019-7567)

    Vulnerability from cvelistv5 – Published: 2019-02-07 07:00 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-02-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/10"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member\u0026a=adminaddsave has XSS via the username or password parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-07T06:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/10"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-7567",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member\u0026a=adminaddsave has XSS via the username or password parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/10",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/10"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-7567",
        "datePublished": "2019-02-07T07:00:00.000Z",
        "dateReserved": "2019-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3577 (GCVE-0-2019-3577)

    Vulnerability from cvelistv5 – Published: 2019-01-02 17:00 – Updated: 2024-09-16 22:02
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/9 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-02T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-3577",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/9",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-3577",
        "datePublished": "2019-01-02T17:00:00.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:02:34.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18622 (GCVE-0-2018-18622)

    Vulnerability from cvelistv5 – Published: 2018-10-23 18:00 – Updated: 2024-09-17 03:18
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/8 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:15:59.669Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public\u0026a=doregister username parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-23T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18622",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public\u0026a=doregister username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/8",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18622",
        "datePublished": "2018-10-23T18:00:00.000Z",
        "dateReserved": "2018-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:18:45.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18082 (GCVE-0-2018-18082)

    Vulnerability from cvelistv5 – Published: 2018-10-09 18:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/6 x_refsource_MISC
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food\u0026a=addsave or admin.php?m=Food\u0026a=editsave URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18082",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food\u0026a=addsave or admin.php?m=Food\u0026a=editsave URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/6",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18082",
        "datePublished": "2018-10-09T18:00:00.000Z",
        "dateReserved": "2018-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16315 (GCVE-0-2018-16315)

    Vulnerability from cvelistv5 – Published: 2018-09-01 18:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/3 x_refsource_MISC
    Date Public
    2018-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config\u0026a=add."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-01T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-16315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config\u0026a=add."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/3",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-16315",
        "datePublished": "2018-09-01T18:00:00.000Z",
        "dateReserved": "2018-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16157 (GCVE-0-2018-16157)

    Vulnerability from cvelistv5 – Published: 2018-08-30 13:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/5 x_refsource_MISC
    Date Public
    2018-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart\u0026a=save item_totals parameter to zero, the entire cart is sold for free."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-30T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-16157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart\u0026a=save item_totals parameter to zero, the entire cart is sold for free."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/5",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-16157",
        "datePublished": "2018-08-30T13:00:00.000Z",
        "dateReserved": "2018-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.270Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15570 (GCVE-0-2018-15570)

    Vulnerability from cvelistv5 – Published: 2018-08-20 01:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/4 x_refsource_MISC
    Date Public
    2018-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:53.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-20T01:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15570",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/4",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15570",
        "datePublished": "2018-08-20T01:00:00.000Z",
        "dateReserved": "2018-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:53.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18261 (GCVE-0-2018-18261)

    Vulnerability from nvd – Published: 2019-04-14 17:12 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/7 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:20.412Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-14T17:12:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/7",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18261",
        "datePublished": "2019-04-14T17:12:13.000Z",
        "dateReserved": "2018-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:20.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7585 (GCVE-0-2019-7585)

    Vulnerability from nvd – Published: 2019-02-07 18:00 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-02-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public\u0026a=checkemail URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-07T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-7585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public\u0026a=checkemail URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/11",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-7585",
        "datePublished": "2019-02-07T18:00:00.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:28.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7567 (GCVE-0-2019-7567)

    Vulnerability from nvd – Published: 2019-02-07 07:00 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-02-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/10"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member\u0026a=adminaddsave has XSS via the username or password parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-07T06:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/10"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-7567",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member\u0026a=adminaddsave has XSS via the username or password parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/10",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/10"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-7567",
        "datePublished": "2019-02-07T07:00:00.000Z",
        "dateReserved": "2019-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3577 (GCVE-0-2019-3577)

    Vulnerability from nvd – Published: 2019-01-02 17:00 – Updated: 2024-09-16 22:02
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/9 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-02T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-3577",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/9",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-3577",
        "datePublished": "2019-01-02T17:00:00.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:02:34.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18622 (GCVE-0-2018-18622)

    Vulnerability from nvd – Published: 2018-10-23 18:00 – Updated: 2024-09-17 03:18
    VLAI
    Summary
    An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/8 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:15:59.669Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public\u0026a=doregister username parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-23T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18622",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public\u0026a=doregister username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/8",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18622",
        "datePublished": "2018-10-23T18:00:00.000Z",
        "dateReserved": "2018-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:18:45.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18082 (GCVE-0-2018-18082)

    Vulnerability from nvd – Published: 2018-10-09 18:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/6 x_refsource_MISC
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food\u0026a=addsave or admin.php?m=Food\u0026a=editsave URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18082",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food\u0026a=addsave or admin.php?m=Food\u0026a=editsave URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/6",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18082",
        "datePublished": "2018-10-09T18:00:00.000Z",
        "dateReserved": "2018-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16315 (GCVE-0-2018-16315)

    Vulnerability from nvd – Published: 2018-09-01 18:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/3 x_refsource_MISC
    Date Public
    2018-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config\u0026a=add."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-01T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-16315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config\u0026a=add."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/3",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-16315",
        "datePublished": "2018-09-01T18:00:00.000Z",
        "dateReserved": "2018-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16157 (GCVE-0-2018-16157)

    Vulnerability from nvd – Published: 2018-08-30 13:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/5 x_refsource_MISC
    Date Public
    2018-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart\u0026a=save item_totals parameter to zero, the entire cart is sold for free."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-30T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-16157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart\u0026a=save item_totals parameter to zero, the entire cart is sold for free."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/5",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-16157",
        "datePublished": "2018-08-30T13:00:00.000Z",
        "dateReserved": "2018-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.270Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15570 (GCVE-0-2018-15570)

    Vulnerability from nvd – Published: 2018-08-20 01:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/caokang/waimai/issues/4 x_refsource_MISC
    Date Public
    2018-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:53.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/caokang/waimai/issues/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-20T01:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/caokang/waimai/issues/4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15570",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/caokang/waimai/issues/4",
                  "refsource": "MISC",
                  "url": "https://github.com/caokang/waimai/issues/4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15570",
        "datePublished": "2018-08-20T01:00:00.000Z",
        "dateReserved": "2018-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:53.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }