9 matches found
MAL-2026-1318 Malicious code in @web-monorepo/fetchers (npm)
Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3faaa666cb666785670b3a638b1f832d4492f7eb2c999f41f7bb551cde2aa86 The package...
PrestaShop EuroInformation MoneticoPaiement Security Vulnerability
PrestaShop EuroInformation MoneticoPaiement is a plugin from PrestaShop France for integrating Monetico/CIC/Crédit Mutuel payment gateway into PrestaShop. A security vulnerability exists in PrestaShop EuroInformation MoneticoPaiement versions prior to 1.1.1 that stems from the parameters TPE,...
PrestaShop CoinGate Plugin Security Vulnerability
PrestaShop CoinGate Plugin is an open source plugin for CoinGate. A security vulnerability exists in PrestaShop CoinGate Plugin 1.2.7 and earlier versions, which stems from the postProcess function in the file modules/coingate/controllers/front/callback.php that can cause business logic errors...
PT-2024-10622 · Unknown · Coingate Plugin
Name of the Vulnerable Software and Affected Versions: CoinGate Plugin versions up to 1.2.7 Description: A vulnerability was found in the CoinGate Plugin, affecting the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. This issue...
CVE-2023-2405
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...
PT-2023-19377 · Vcita · Crm/Lead Management By Vcita
Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is due to missing nonce validation in the vcita-callback.php file, making it possible for unauthenticated attackers to modify th...
Glewlwyd Path Traversal Vulnerability
Glewlwyd is a single sign-on (SSO) server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in Glewlwyd version 2.6.2 and earlier versions, which stems from static_compressed_inmemory_website_callback.c that allows directory traversal...
S-CMS SQL Injection Vulnerability (CNVD-2018-26676)
S-CMS is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the bank/callback1.php file in S-CMS version 3.0, which stems from the program's failure to filter the 'Pno' field, and can be exploited by remote attackers to execute SQL statements with the...
Security Onion Solutions Squert Command Execution Vulnerability (CNVD-2018-05761)
Security Onion Solutions Squert is a web application for querying and viewing event data stored in the Sguil database. A security vulnerability exists in the .inc/callback.php file in Security Onion Solutions Squert versions 1.0.1 through 1.6.7. The vulnerability can be exploited to execute...