CVE-2023-3325 CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

WordPress CMS Commander Plugin <= 2.287 is vulnerable to Broken Access Control

Software CMS Commander Type Plugin Vulnerable versions = 2.287 Fixed in 2.288 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3325 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 74937eb26e46 Credits Lana Codes Required privilege...

PT-2023-24244 · WordPress · Cms Commander

Name of the Vulnerable Software and Affected Versions: CMS Commander plugin for WordPress versions up to, and including, 2.287 Description: The issue is related to an authorization bypass vulnerability due to the use of an insufficiently unique cryptographic signature on the cmsc add site functio...

WordPress Plugin CMS Commander 安全特征问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security signature issue...

CMS Commander < 2.288 - Unauthenticated Authorisation Bypass

The plugin does not use a sufficient unique cryptographic signature in its cmscaddsite feature, which could allow unauthenticated users to update the cmscpublickey settings when the plugin has not been configured yet, and get access to the plugin's remote control features such as creating an...

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

Sql injection

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

Sql injection

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

Sql injection

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

PT-2023-24263 · Prestashop · Store Commander Scfixmyprestashop Module

Name of the Vulnerable Software and Affected Versions: Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop Description: The issue allows sensitive SQL calls to be executed with a trivial HTTP request, which can be exploited to forge a blind SQL injection. Recommendations: F...

PT-2023-24262 · Unknown +1 · Prestashop +1

Name of the Vulnerable Software and Affected Versions: PrestaShop versions through 3.6.1 Description: The issue allows sensitive SQL calls to be executed with a trivial HTTP request, which can be exploited to forge a blind SQL injection. This can occur in the Store Commander scexportcustomers...