22 matches found
CVE-2022-37346
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...
EUVD-2022-39980
Malicious code in bioql PyPI...
EUVD-2021-8158
Malicious code in bioql PyPI...
EUVD-2022-26420
Malicious code in bioql PyPI...
CVE-2022-21179
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files
Overview: EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables uploading image files, provided by EC-CUBE CO.,LTD., contains an insufficient verification vulnerability when uploading files (CWE-20). Exploiting this vulnerability allows a remote unauthenticated attacker to upload...
EC-CUBE code issue vulnerability
EC-CUBE is an open source e-commerce system from EC-CUBE Japan. A security vulnerability exists in EC-CUBE Plugin Product Image Bulk Upload Plugin 1.0.1 and earlier versions, which stems from insufficient authentication when uploading files and can be exploited by remote attackers to upload...
EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
Overview: EC-CUBE plugin "Easy Blog for EC-CUBE4" provided by COREMOBILE Co. Ltd. contains a cross-site request forgery vulnerability (CWE-352). Furukawa Natsumi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
Overview: EC-CUBE plugin "Mail Magazine Management Plugin" provided by EC-CUBE CO.,LTD. contains a cross-site request forgery vulnerability (CWE-352). Kenta Yamamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
Ec-cube cross-site request forgery vulnerability
Ec-cube is an open source e-commerce system from the Japanese company Ec-cube. The EC-CUBE plugin suffers from a cross-site request forgery vulnerability that exists due to insufficient authentication of the HTTP request source. A remote attacker could use this vulnerability to trick a victim int...
EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
Overview: EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. ActiveFusions Co., Ltd. reported this...
JVN#46313661: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
EC-CUBE plugin "List (order management) item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is accessing the administrative page of the product. Solution: Update the plug...
CVE-2021-20742
Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...
CVE-2019-6003
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...