PrestaShop 跨站脚本漏洞

PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. Versions of PrestaShop prior to 8.2.5 and 9.1.0 contained a cross-site scriptin...

CVE-2026-2452

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

Command Execution Vulnerability in ejucms Backend Templates

EJU real estate system ejucms is a set of localized O2O real estate website platform system. ejucms background template command execution vulnerability, attackers can exploit the vulnerability to obtain server privileges...

WMCMS backend templates have arbitrary file download vulnerability

WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS background templates exist arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files...

DocCms 2016 version has a file upload vulnerability at the backend templates

DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. DocCms 2016 version of the file...

Code Execution Vulnerability in OURPHP Backend Templates

OURPHP is Harbin Weicheng Technology Co., Ltd. developed a PHP + MySQL based on the development of W3C standards-compliant building system. OURPHP background template code execution vulnerabilities, attackers can use the vulnerability to obtain control of the web server...

Command Execution Vulnerabilities in Cicada Knowledge Enterprise Portal System V7.0.1 Backend Templates

Cicada Knowledge Enterprise Portal System is an open source and free enterprise portal system. Cicada Knowledge Enterprise Portal System V7.0.1 command execution vulnerability exists in the background template. An attacker can exploit the vulnerability to gain server privileges...

Code Execution Vulnerability in UQCMS B2B2C Multi-merchant E-commerce System Backend Templates

B2B2C multi-merchant e-commerce system is combined with years of e-commerce development experience to launch the B2B2C multi-store system. There is a code execution vulnerability in the backend template of UQCMS B2B2C Multi-merchant E-commerce System. Attackers can use this vulnerability to write...