2341 matches found

Packet Storm
added 2024/08/07 12:0 a.m. · 269 views

E-Commerce Site Using PHP PDO 1.0 Directory Traversal

Title: E-Commerce Site using PHP PDO v1.0 Directory traversal Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

AI score: 7.4
Exploits: 0

IBM Security Bulletins
added 2024/08/05 8:0 p.m. · 42 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Ceph (CVE-2018-20677, CVE-2018-20676, CVE-2019-8331, CVE-2018-14042, CVE-2018-14040, CVE-2016-10735)

Summary: Bootstrap is used by IBM Storage Ceph as part of Ceph Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2018-20677, CVE-2018-20676, CVE-2019-8331, CVE-2018-14042, CVE-2018-14040, CVE-2016-10735. Vulnerability Details...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.1686
Exploits: 5 · Affected Software: 1

NVD
added 2024/07/27 2:15 a.m. · 19 views

CVE-2024-6547

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVSS: 5.3 · EPSS: 0.00439
Exploits: 0 · References: 3

NVD
added 2024/07/27 2:15 a.m. · 23 views

CVE-2024-6546

The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the ful...

CVSS: 5.3 · EPSS: 0.00448
Exploits: 0 · References: 4

NVD
added 2024/07/27 2:15 a.m. · 25 views

CVE-2024-6545

The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pa...

CVSS: 5.3 · EPSS: 0.00373
Exploits: 0 · References: 2

CVE
added 2024/07/27 1:51 a.m. · 39 views

CVE-2024-6549

CVE-2024-6549 (Admin Post Navigation, WordPress) enables unauthenticated full path disclosure in all versions up to 2.1 due to bootstrap usage and test files with display_errors enabled. This Information Exposure is not by itself destructive but can aid other attacks; exploitation requires anothe...

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.00423
Exploits: 0 · References: 2

Cvelist
added 2024/07/27 1:51 a.m. · 33 views

CVE-2024-6549 Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure

The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pat...

CVSS: 5.3 · EPSS: 0.00423
Exploits: 0 · References: 2

Cvelist
added 2024/07/27 1:51 a.m. · 28 views

CVE-2024-6545 Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure

The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pa...

CVSS: 5.3 · EPSS: 0.00373
Exploits: 0 · References: 2

Vulnrichment
added 2024/07/27 1:51 a.m. · 10 views

CVE-2024-6545 Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure

The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pa...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00373
Exploits: 0 · References: 2

Cvelist
added 2024/07/27 1:51 a.m. · 35 views

CVE-2024-6548 Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Disclosure

The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...

CVSS: 5.3 · EPSS: 0.00373
Exploits: 0 · References: 2

Vulnrichment
added 2024/07/27 1:51 a.m. · 12 views

CVE-2024-6547 Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Disclosure

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVSS: 5.3 · AI score: 6.6 · EPSS: 0.00439
Exploits: 0 · References: 3

CVE
added 2024/07/27 1:51 a.m. · 34 views

CVE-2024-6547

CVE-2024-6547 affects the Add Admin CSS plugin for WordPress (versions up to and including 2.0.1). The issue is Full Path Disclosure caused by the plugin using bootstrap and leaving test files with display_errors on, enabling unauthenticated access to the web app’s full filesystem path. The discl...

CVSS: 5.3 · AI score: 5.1 · EPSS: 0.00439
Exploits: 0 · References: 3

Cvelist
added 2024/07/27 1:51 a.m. · 25 views

CVE-2024-6547 Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Disclosure

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVSS: 5.3 · EPSS: 0.00439
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/27 12:0 a.m. · 1 views

PT-2024-37704 · WordPress · Add Admin Css

Name of the Vulnerable Software and Affected Versions: Add Admin CSS plugin for WordPress versions up to, and including, 2.0.1
Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors on. This allows...

CVSS: 5.3 · AI score: 6.6 · EPSS: 0.00439
Exploits: 0 · References: 4

NVD
added 2024/07/24 2:15 p.m. · 30 views

CVE-2024-7067

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserializatio...

CVSS: 8.8 · EPSS: 0.00768
Exploits: 1 · References: 7

OSV
added 2024/07/24 2:15 p.m. · 12 views

CVE-2024-7067

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserializatio...

CVSS: 8.8 · AI score: 6.9
Exploits: 0 · References: 7

Vulnrichment
added 2024/07/24 2:0 p.m. · 15 views

CVE-2024-7067 kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserializatio...

CVSS: 6.5 · AI score: 6.9 · EPSS: 0.00768
Exploits: 1 · References: 7

Cvelist
added 2024/07/24 2:0 p.m. · 22 views

CVE-2024-7067 kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserializatio...

CVSS: 6.5 · EPSS: 0.00768
Exploits: 1 · References: 7

CVE
added 2024/07/24 2:0 p.m. · 49 views

CVE-2024-7067

The CVE-2024-7067 entry concerns kirilkirkov Ecommerce-Laravel-Bootstrap (up to commit 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87). The vulnerability is in the function getCartProductsIds in app/Cart.php, where manipulating the laraCart argument leads to deserialization. This is described as a remo...

CVSS: 8.8 · AI score: 6.5 · EPSS: 0.00768
Exploits: 1 · References: 7 · Affected Software: 1

CNNVD
added 2024/07/24 12:0 a.m. · 2 views

kirilkirkov Ecommerce-Laravel-Bootstrap Code Issue Vulnerability

kirilkirkov Ecommerce-Laravel-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. kirilkirkov Ecommerce-Laravel-Bootstrap suffers from a code issue vulnerability that stems from the fact that manipulation of the parameter laraCart can lead to...

CVSS: 8.8 · AI score: 6.6 · EPSS: 0.00768
Exploits: 1 · References: 8