CVE-2024-31823
CVE-2024-31823 affects Ecommerce-CodeIgniter-Bootstrap due to a code-execution flaw in the Publish.php component’s removeSecondaryImage method (commit d22b54e8915f167a135046ceb857caaf8479c4da). Remote attackers can trigger arbitrary code execution; CVSS 3.1 base score 8.8 (HIGH) with network acce...
Ecommerce-CodeIgniter-Bootstrap Security Vulnerability
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in Ecommerce-CodeIgniter-Bootstrap that stems from an arbitrary code execution vulnerability in the manageQuantitiesAndProcurement method of...
Ecommerce-CodeIgniter-Bootstrap Security Vulnerability
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in Ecommerce-CodeIgniter-Bootstrap, which stems from an arbitrary code execution vulnerability in the saveLanguageFiles method of the...
CVE-2024-31820
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component...
PT-2024-24229
Name of the Vulnerable Software and Affected Versions: Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da. Description: The issue allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component. This is ...
CVE-2024-31821
CVE-2024-31821 affects Ecommerce-CodeIgniter-Bootstrap. The issue is a SQL Injection in the manageQuantitiesAndProcurement method of the Orders_model.php component, triggered by commit d22b54e8915f167a135046ceb857caaf8479c4da. This allows a remote attacker to potentially execute arbitrary code. T...
CVE-2024-31822
The CVE-2024-31822 issue affects Ecommerce-CodeIgniter-Bootstrap and is triggered by the saveLanguageFiles method in the Languages.php component (commit d22b54e8915f167a135046ceb857caaf8479c4da). The vulnerability allows a remote attacker to execute arbitrary code, with a CVSS v3.1 base score of ...
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-608)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-608 advisory. Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for...
CVE-2021-36374 affecting package javapackages-bootstrap for versions less than 1.14.0-2
CVE-2021-36374 affecting package javapackages-bootstrap for versions less than 1.14.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2
CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2. An upgraded version of the package is available that resolves this issue...
Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...
WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Bootstrap Elements for Elementor versions <= 1.4.0...
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Bootstrap Elements for Elementor; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: 1.4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2132; Patch priority: Low; CVSS severity: Low (6.5); PSID: dc6fc1769629; Credit...
CVE-2023-2976 affecting package javapackages-bootstrap for versions less than 1.5.0-5
CVE-2023-2976 affecting package javapackages-bootstrap for versions less than 1.5.0-5. An upgraded version of the package is available that resolves this issue...
CVE-2024-2132
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2132 Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
openSUSE Security Advisory (SUSE-SU-2024:1119-1)
The remote host is missing an update for the...
Important: javapackages-bootstrap
Issue Overview: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-25710 Affected Packages:...
Important: javapackages-bootstrap
Issue Overview: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-25710 Affected Packages:...
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-561)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-561 advisory. Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to...