6 matches found
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
Description: An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. The vulnerable flow accepts compositeIndices from imported JSON, stores the values...
EUVD-2025-12382
Malicious code in bioql PyPI...
PrestaShop code injection vulnerability
PrestaShop is a set of open source e-commerce solutions from the United States company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A code injection vulnerability exists in PrestaShop versions 1.7.0.0 - 1.7.8.2, which can be exploited by an...
Information disclosure
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0...
TYPO3 code issue vulnerability (CNVD-2019-40298)
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. A code issue vulnerability exists in TYPO3, which can be exploited by an attacker to execute arbitrary code on the backend...
CVE-2019-12517
An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The savequizscore functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress...