15 matches found
EUVD-2024-3123
Malicious code in bioql PyPI...
CVE-2024-47173
Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue...
CVE-2024-47173 Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups
Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue...
CVE-2024-37295 Aimeos Core remote code execution in web server context
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...
CVE-2024-37294
CVE-2024-37294 – Aimeos denial of service. The vulnerability affects all SaaS and marketplace deployments using Aimeos in versions 2022, 2023, and 2024. The underlying issue leads to a potential denial of service, with a base CVSS v3.1 score of 5.5 (Network, Privileges Required: High, User Inter...
Webkul Software Bagisto Security Vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto v1.5.1 that stems from susceptibility to server-side template injection (SSTI) attacks...
CVE-2022-31000
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the...
Cross-site request forgery (CSRF)
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the...
CVE-2022-31000 CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the...
Pimcore SQL Injection Vulnerability (CNVD-2022-85099)
Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore has a SQL injection vulnerability, whic...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07508)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore in versions prior to 10.1.2 there is...
Pimcore Formula Injection Vulnerability
Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore versions prior to 10.1.1 have a...
Cross-site Scripting (XSS) - Stored in aimeos/aimeos-core
✍️ Description Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework this webapp is vulnerable to stored XSS through filename 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in aimeos/aimeos-laravel
✍️ Description Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework this webapp is vulnerable to stored XSS through filename 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of admin ac takeover, XSS...
TYPO3 Aimeos shop and e-commerce framework cross-site scripting vulnerability
TYPO3 is a free and open source content management system. TYPO3 Aimeos shop and e-commerce framework suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code...