47 matches found
Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload
Amasty Order Attributes for Magento 2 4.0.0 contains an unrestricted file upload vulnerability caused by lack of authentication and validation in the upload endpoint, letting unauthenticated attackers upload arbitrary files including PHP, enabling remote code execution or malware hosting. id:...
CVE-2026-53787
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...
EUVD-2026-36430
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...
CVE-2026-53787 Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...
CVE-2026-53787
Amasty Order Attributes for Magento 2 (versions
PT-2026-48882
Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...
CVE-2022-35500
Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting XSS via leave comment functionality...
CVE-2022-35501
Stored Cross-site Scripting XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...
EUVD-2022-39144
Malicious code in bioql PyPI...
EUVD-2022-38388
Malicious code in bioql PyPI...
EUVD-2022-38389
Malicious code in bioql PyPI...
EUVD-2022-39145
Malicious code in bioql PyPI...
CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...
CVE-2022-36432
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...
Amasty Blog Pro for Magento 2 Cross-Site Scripting Vulnerability
Amasty Blog is a website page extension from Amasty. magento2 is an open source PHP e-commerce system. Amasty Blog Pro 2.10.5 before the version for Magento 2 has a cross-site scripting vulnerability , the vulnerability stems from the plugin in the blog post creation function fails to shortconten...
CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...
CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...
Design/Logic Flaw
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...
Amasty Blog 跨站脚本漏洞
Amasty Blog is a website page extension from Amasty. magento2 is an open source PHP e-commerce system. Amasty Blog Pro 2.10.5 before the version for Magento 2 has a cross-site scripting vulnerability , the vulnerability stems from the plugin in the blog post creation function fails to shortconten...
CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...