7 matches found
EUVD-2021-31192
Malicious code in bioql PyPI...
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
The cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and...
Insecure Direct Object Reference (IDOR)
ibexa/core is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is present because DownloadController.php does not adequately validate the filenames in download URLs, allowing an attacker to craft malicious download URLs with filenames that bear no relation to the actual...
CVE-2021-44349
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php...
SQL injection
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php...
Remote Code Execution in Qquoteadv/controllers/DownloadController.php
More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...
Remote Code Execution in Qquoteadv/controllers/DownloadController.php
More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...