6 matches found
Blesta 5.13.1 2Checkout PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from a 2Checkout PHP object injection vulnerability. The vulnerabilities exist because user input passed through the invoices POST parameter or the item-ext-ref GET parameter when dispatching the Checkout2::validate or Checkout2::success method is not...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25616
CVE-2026-25616 affects Blesta versions 3.x through 5.x before 5.13.3 due to mishandling of input validation (CORE-5665). Multiple sources (Red Hat, CVE listing, PacketStorm) indicate that the impact includes input-handling defects that enable cross-site scripting in certain endpoints, with the cano...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25614
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...
Blesta Security Breach
Blesta is a customer relationship management system from Blesta. A security vulnerability exists in Blesta versions prior to v5.9.2 that stems from a path traversal vulnerability in the /path/to/uploads/ directory. An attacker can exploit this vulnerability to take over a user account and execute...