17 matches found
EUVD-2024-2296
Malicious code in bioql PyPI...
EUVD-2024-3123
Malicious code in bioql PyPI...
EUVD-2024-2124
Malicious code in bioql PyPI...
EUVD-2024-2159
Malicious code in bioql PyPI...
CVE-2024-37294
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
CVE-2024-47173
Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue...
CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...
CVE-2024-39322
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13,...
CVE-2024-39322
CVE-2024-39322 affects the aimes/ai-admin-jsonadm JSON API used for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. A fix is present i...
CVE-2024-39322 aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13,...
CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...
CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...
CVE-2024-38516
CVE-2024-38516 affects the ai-client-html component of the Aimeos e-commerce stack. The root cause, as described across sources, is a vulnerability where debug information can leak sensitive data from environment variables via error logs. The issue is categorized as information disclosure with hi...
CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...
Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection
Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Date: 20/11/2021 Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The...
Aimeos Laravel ecommerce platform 2021.10 LTS - (sort) SQL injection Vulnerability
Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The Aimeos E-Commerce...
Cross-site Scripting (XSS) - Stored in aimeos/aimeos-laravel
✍️ Description Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework this webapp is vulnerabel for stored xss thru filename 🕵️♂️ Proof of Concept 💥 Impact This vulnerability is capable admin ac takeover , XSS...