Lucene search
+L

61 matches found

Veracode
Veracode
added 2024/03/29 1:16 p.m.20 views

Unauthorized Access

oro/platform is vulnerable to Unauthorized Access. The vulnerability is due to inadequate access control measures within the OroPlatform's handling of page state data, which allows logged-in users to access the page state data of pinned pages belonging to other users by exploiting pageId hashes...

4.3CVSS6.7AI score0.0044EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/03/29 8:26 a.m.25 views

Information Disclosure

OroPlatform is vulnerable to Information Disclosure. The vulnerability is due to insufficient access control mechanisms in OroPlatform's JSON navigation response. Specifically, sensitive navigation history, most viewed, and favorite navigation items are disclosed to a storefront user if their ID...

4.3CVSS6.6AI score0.0044EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/25 7:15 p.m.29 views

CVE-2023-48296

OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...

4.3CVSS4.5AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 2024/03/25 7:15 p.m.37 views

CVE-2023-45824

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

4.3CVSS4.5AI score0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/25 6:19 p.m.13 views

CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID

OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...

4.3CVSS6.7AI score0.0044EPSS
Exploits0References2
CVE
CVE
added 2024/03/25 6:19 p.m.69 views

CVE-2023-48296

Summary: OroPlatform (PHP BAP) contains an information disclosure vulnerability in the JSON navigation response. If a storefront user’s ID matches a back-office user’s ID, the response leaks navigation history, as well as most viewed and favorite navigation items. Root cause: Insufficient access ...

4.3CVSS4.4AI score0.0044EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/03/25 6:19 p.m.30 views

CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID

OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...

4.3CVSS4.8AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2024/03/25 6:19 p.m.31 views

CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID

OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...

4.3CVSS5AI score0.0044EPSS
Exploits0References4
CVE
CVE
added 2024/03/25 6:15 p.m.72 views

CVE-2023-45824

The CVE-2023-45824 issue affects OroPlatform (PHP BAP). A logged-in user can access page state data of pinned pages belonging to other users by using a pageId hash. Publicly documented details indicate this affects OroPlatform versions across multiple lines: 4.2.0–4.2.10, 5.0.0–5.0.12, and 5.1.0–...

4.3CVSS4.4AI score0.0044EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/25 6:15 p.m.12 views

CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

4.3CVSS7AI score0.0044EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/25 6:15 p.m.39 views

CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

4.3CVSS4.8AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2024/03/25 6:15 p.m.33 views

CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

4.3CVSS4.7AI score0.0044EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.8 views

PT-2024-13289 · Unknown · Oroplatform

Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.1.4 Description: A logged in user can access page state data of pinned pages of other users by pageId hash. This issue allows unauthorized access to sensitive information. Recommendations: For versions prior to...

4.3CVSS7AI score0.0044EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.6 views

OroPlatform 安全漏洞

OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. A security vulnerability exists in OroPlatform that originates from allowing logged-in users to access page state data from other users' fixed pages via pageI...

4.3CVSS4.8AI score0.0044EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/11/27 11:29 p.m.17 views

OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...

5CVSS6.9AI score0.00538EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/11/27 11:29 p.m.70 views

GHSA-X2XM-P6VQ-482G OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...

5CVSS4.6AI score0.00538EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/11/27 11:28 p.m.28 views

OroPlatform vulnerable to path traversal during temporary file manipulations

Impact Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. The file will be deleted...

9.8CVSS7.1AI score0.00946EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/27 11:28 p.m.63 views

GHSA-9V3J-4J64-P937 OroPlatform vulnerable to path traversal during temporary file manipulations

Impact Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. The file will be deleted...

8.5CVSS9.4AI score0.00946EPSS
Exploits0References3
NVD
NVD
added 2023/11/27 10:15 p.m.32 views

CVE-2023-32062

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...

5CVSS0.00538EPSS
Exploits0References3
Prion
Prion
added 2023/11/27 10:15 p.m.25 views

Security feature bypass

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...

4CVSS6.8AI score0.00538EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder