Ayondip Jana

4 exploits Active since Feb 2026
CVE-2025-15582 WRITEUP MEDIUM WORKING POC
detronetdip E-commerce 1.0.0 - Auth Bypass
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 5.4
CVE-2025-15583 WRITEUP LOW WORKING POC
detronetdip E-commerce 1.0.0 - Cross-Site Scripting via get_safe_value Function
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 3.5
CVE-2026-2164 WRITEUP HIGH WRITEUP
detronetdip E-commerce 1.0.0 - Unrestricted Upload
A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 7.3
CVE-2026-2165 WRITEUP HIGH SUSPICIOUS
detronetdip E-commerce 1.0.0 - Info Disclosure
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 7.3