13 matches found
EUVD-2021-18744
Malware in sbrugna...
Cross-site Request Forgery (CSRF)
sylius/resource-bundle is vulnerable to Cross-Site Request Forgery. The vulnerability is due to the absence of proper validation and insufficient CSRF protection for actions such as marking order payments or product reviews in the AdminBundle and ResourceBundle. This allows attackers to perfo...
GHSA-945H-6VCV-PC8H Sylius Admin Bundle Cross-Site Request Forgery vulnerability
Sylius versions 1.0.0 to 1.0.16, 1.1.0 to 1.1.8 and 1.2.0 to 1.2.1 of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. The development branch for the 1.3 release has also been fixed. Description: The following actions in the admi...
Sylius Admin Bundle Cross-Site Request Forgery vulnerability
Sylius versions 1.0.0 to 1.0.16, 1.1.0 to 1.1.8 and 1.2.0 to 1.2.1 of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. The development branch for the 1.3 release has also been fixed. Description: The following actions in the admi...
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Sylius versions 1.0.0 to 1.0.16, 1.1.0 to 1.1.8 and 1.2.0 to 1.2.1 of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. The development branch for the 1.3 release has also been fixed. Description: The following actions in the admi...
CVE-2021-31869
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product...
CVE-2021-31869
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product...
SQL injection
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product...
CVE-2021-31869
PVE: CVE-2021-31869 concerns Pimcore AdminBundle (v6.8.0 and earlier). Root cause: SQL injection in the specificID parameter used by admin data listing logic (grid-proxy/prepareListingForGrid) that concatenates user-supplied input into SQL. Impact: potential database-level manipulation or data ex...
CVE-2021-31869 Pimcore AdminBundle 'specificID' SQL Injection
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product...
Pimcore SQL injection vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates applications for web content management, e-commerce frameworks and product information management. A security vulnerability exists in Pimcore...
Arbitrary file deletion
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET...
CVE-2021-23340
CVE-2021-23340 affects pimcore/pimcore pre-6.8.8 and is a Local File Inclusion in the downloadCsvAction of CustomReportController.php. An authenticated user can access /admin/reports/custom-report/download-csv?exportFile=[...] with an unsanitized exportFile parameter, enabling local file inclusio...