All CosmicBytez Labs articles tagged #E-Commerce, across news, security advisories, how-to guides, and projects.
A high-severity SQL injection vulnerability in the TOKO-ONLINE-ROTI PHP bakery system allows remote attackers to manipulate the kode_produk and kd_cs parameters in proses/add.php, enabling database compromise.
A critical SQL injection vulnerability in Inrove Software's BiEticaret e-commerce platform (versions before v3.3.57) allows unauthenticated attackers to...
A high-severity SQL injection vulnerability in SourceCodester's Multi-Vendor Online Grocery Management System 1.0 allows remote attackers to manipulate...
A remotely exploitable SQL injection flaw in SourceCodester Pizzafy E-Commerce System 1.0 allows attackers to manipulate the confirm_order endpoint via an...
A CVSS 7.3 authorization bypass vulnerability in ShopXO up to 6.7.1 allows unauthenticated access to scheduled task endpoints in the Crontab controller,...
South Korea's Personal Information Protection Commission has fined e-commerce giant Coupang a record 624.6 billion won — approximately $409 million —...
CVSS 9.8 PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 lets unauthenticated attackers achieve RCE — patch to 1.11.12 now.
CVE-2026-39079 is a CVSS 7.5 (High) information disclosure vulnerability in the PrestaShop upsshipping module affecting all versions through 2.4.0. Remote...
A CVSS 9.8 blind SQL injection vulnerability in Akilli Commerce's e-commerce platform allows unauthenticated attackers to extract the entire database...
CVE-2026-2347 is a CVSS 9.8 authorization bypass in Akilli's e-commerce platform, allowing attackers to hijack authenticated sessions by manipulating...
A stored Cross-Site Scripting vulnerability (CVSS 9.3) in PrestaShop's back-office Customer Service view allows unauthenticated attackers to inject...
An authenticated Server-Side Template Injection vulnerability in CubeCart prior to 6.7.0 allows attackers with API key access to execute arbitrary code...
A critical arbitrary file upload vulnerability in CubeCart's REST API File Manager allows holders of a files:rw API key to upload PHP webshells to the web...
Škoda Auto, the Czech automaker wholly owned by Volkswagen Group, has disclosed a data breach after attackers compromised its official online shop and...
Hackers exploited a vulnerability in Skoda's online shop portal to access customer personal data including names, addresses, email addresses, and phone...
A massive campaign targeting nearly 100 Magento e-commerce stores embeds credit card-stealing JavaScript inside a pixel-sized SVG image, bypassing visual...
Mass exploitation is underway against Magento 2 and Adobe Commerce installations using the 'PolyShell' polyglot file upload vulnerability, with attackers...
Cybersecurity researchers have uncovered a sophisticated new payment skimmer that weaponises WebRTC data channels to exfiltrate stolen credit card data...