12 matches found
EUVD-2024-34758
Malicious code in bioql PyPI...
WordPress Auto Affiliate Links Plugin <= 6.4.3.1 is vulnerable to SQL Injection
Software: Auto Affiliate Links; Type: Plugin; Vulnerable versions: = 6.4.3.1; Fixed in: 6.4.4; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-34386; Patch priority: Low; CVSS severity: Low 7.6; PSID: 901e8da7d177; Credits: Do Truong Giang; Required privilege: Editor...
WordPress plugin Auto Affiliate Links SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
GHSA-XH55-2FQP-P775 Command injection in mail agent settings
Impact Command injection in mail agent settings Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older versions of...
Command injection in mail agent settings
Impact Command injection in mail agent settings Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older versions of...
Authenticated server-side request forgery in file upload via URL.
Impact Authenticated server-side request forgery in file upload via URL. Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workaround...
CVE-2021-37711
Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...
Server-side request forgery (SSRF)
Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...
CVE-2021-37709
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
Shopware log information disclosure vulnerability
Shopware is an open source e-commerce software. The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...
Shopware operating system command injection vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. Versions of Shopware prior to 6.4.3.1 have a command injection vulnerability in the mail proxy settings. No detailed vulnerability details are currently available...
Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
source: https://www.securityfocus.com/bid/53595/info JIRA, and the Gliffy and Tempo plugins for JIRA are prone to a denial-of-service vulnerability because they fail to properly handle crafted XML data. Exploiting this issue allows remote attackers to cause denial-of-service conditions in the...