6 matches found
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
My name is Oscar Uribe, Security Researcher at Fluid Attacks. I am reaching out because we have identified a security vulnerability in Pimcore 12.3.3 that we would like to report to you so we can coordinate a responsible disclosure together. As part of our standard disclosure measures, we follow ...
EUVD-2025-12382
Malicious code in bioql PyPI...
Prestashop 代码注入漏洞
Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides multiple payment methods, short message alerts and product image scaling. A code injection vulnerability exists in PrestaShop versions 1.7.0.0 - 1.7.8.2, which can be exploited by an...
Information disclosure
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0...
TYPO3 code issue vulnerability (CNVD-2019-40298)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A code issue vulnerability exists in TYPO3, which can be exploited by an attacker to execute arbitrary code on the backend...
CVE-2019-12517
An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The savequizscore functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress...