Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
18 articles

#E-Commerce

All CosmicBytez Labs articles tagged #E-Commerce, across news, security advisories, how-to guides, and projects.

  • SecurityJul 12, 2026

    CVE-2026-15490: SQL Injection in TOKO-ONLINE-ROTI Product Add Endpoint

    A high-severity SQL injection vulnerability in the TOKO-ONLINE-ROTI PHP bakery system allows remote attackers to manipulate the kode_produk and kd_cs parameters in proses/add.php, enabling database compromise.

  • SecurityJul 10, 2026

    CVE-2026-5955: BiEticaret E-Commerce SQL Injection (CVSS 9.8)

    A critical SQL injection vulnerability in Inrove Software's BiEticaret e-commerce platform (versions before v3.3.57) allows unauthenticated attackers to...

  • SecurityJul 5, 2026

    SQL Injection in Multi-Vendor Online Grocery Management System (CVE-2026-14695)

    A high-severity SQL injection vulnerability in SourceCodester's Multi-Vendor Online Grocery Management System 1.0 allows remote attackers to manipulate...

  • SecurityJul 5, 2026

    SQL Injection in Pizzafy E-Commerce System Exposes Order Data (CVE-2026-14713)

    A remotely exploitable SQL injection flaw in SourceCodester Pizzafy E-Commerce System 1.0 allows attackers to manipulate the confirm_order endpoint via an...

  • SecurityJun 15, 2026

    CVE-2026-12204: ShopXO Scheduled Task Authorization Bypass

    A CVSS 7.3 authorization bypass vulnerability in ShopXO up to 6.7.1 allows unauthenticated access to scheduled task endpoints in the Crontab controller,...

  • NewsJun 11, 2026

    Coupang Hit with Record $409 Million Data Breach Fine in South Korea

    South Korea's Personal Information Protection Commission has fined e-commerce giant Coupang a record 624.6 billion won — approximately $409 million —...

  • SecurityMay 27, 2026

    CVE-2026-45247 — Mirasvit Magento 2 Cache Warmer PHP Object Injection RCE

    CVSS 9.8 PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 lets unauthenticated attackers achieve RCE — patch to 1.11.12 now.

  • SecurityMay 19, 2026

    CVE-2026-39079: PrestaShop UPS Shipping Module Sensitive

    CVE-2026-39079 is a CVSS 7.5 (High) information disclosure vulnerability in the PrestaShop upsshipping module affecting all versions through 2.4.0. Remote...

  • SecurityMay 15, 2026

    Critical Blind SQL Injection in Akilli E-Commerce Website

    A CVSS 9.8 blind SQL injection vulnerability in Akilli Commerce's e-commerce platform allows unauthenticated attackers to extract the entire database...

  • SecurityMay 15, 2026

    Critical Session Hijacking via Auth Bypass in Akilli

    CVE-2026-2347 is a CVSS 9.8 authorization bypass in Akilli's e-commerce platform, allowing attackers to hijack authenticated sessions by manipulating...

  • SecurityMay 15, 2026

    CVE-2026-44212: PrestaShop Stored XSS in Customer Service

    A stored Cross-Site Scripting vulnerability (CVSS 9.3) in PrestaShop's back-office Customer Service view allows unauthenticated attackers to inject...

  • SecurityMay 14, 2026

    CVE-2026-44377: CubeCart Authenticated SSTI via Smarty

    An authenticated Server-Side Template Injection vulnerability in CubeCart prior to 6.7.0 allows attackers with API key access to execute arbitrary code...

  • SecurityMay 14, 2026

    CVE-2026-45053: CubeCart REST API Arbitrary PHP File Upload

    A critical arbitrary file upload vulnerability in CubeCart's REST API File Manager allows holders of a files:rw API key to upload PHP webshells to the web...

  • NewsMay 13, 2026

    Škoda Warns of Customer Data Breach After Online Shop Hack

    Škoda Auto, the Czech automaker wholly owned by Volkswagen Group, has disclosed a data breach after attackers compromised its official online shop and...

  • NewsMay 11, 2026

    Skoda Data Breach Hits Online Shop Customers

    Hackers exploited a vulnerability in Skoda's online shop portal to access customer personal data including names, addresses, email addresses, and phone...

  • NewsApr 8, 2026

    Hackers Use Pixel-Large SVG Trick to Hide Credit Card

    A massive campaign targeting nearly 100 Magento e-commerce stores embeds credit card-stealing JavaScript inside a pixel-sized SVG image, bypassing visual...

  • NewsMar 26, 2026

    PolyShell Attacks Target 56% of All Vulnerable Magento

    Mass exploitation is underway against Magento 2 and Adobe Commerce installations using the 'PolyShell' polyglot file upload vulnerability, with attackers...

  • NewsMar 26, 2026

    WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

    Cybersecurity researchers have uncovered a sophisticated new payment skimmer that weaponises WebRTC data channels to exfiltrate stolen credit card data...