Cross-Site Request Forgery (CSRF)

openmage/magento-lts is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in the resetPasswordPostAction function in AccountController.php because the user sessions are not properly managed which allows an attacker to change a user passwords...

Input validation

Improper handling of extra parameters in the AccountController User Profile edit in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions...

CVE-2019-11218

Improper handling of extra parameters in the AccountController User Profile edit in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions...

CVE-2019-11218

Improper handling of extra parameters in the AccountController User Profile edit in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions...

CVE-2019-11218

CVE-2019-11218 affects Bonobo Git Server prior to 6.5.0, where improper handling of extra parameters in AccountController (User Profile edit) allows authenticated users to escalate privileges to application administrator. The issue is triggered by additional form parameters and is documented acro...

CVE-2019-11218

Improper handling of extra parameters in the AccountController User Profile edit in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions...