21 matches found
EUVD-2024-0339
Malicious code in bioql PyPI...
EUVD-2025-28429
Malicious code in bioql PyPI...
EUVD-2024-2259
Malicious code in bioql PyPI...
CVE-2025-52338
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack...
CVE-2025-52338
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack...
CVE-2025-52338
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack...
CVE-2025-52337
CVE-2025-52337 affects LogicData eCommerce Framework v5.0.9.7000. The vulnerability is an authenticated arbitrary file upload in the Content Explorer feature, which could allow an attacker to execute arbitrary code on the server. CNNVD corroborates that the issue originates from this authenticate...
PT-2025-33851 · Logicdata · Logicdata Ecommerce Framework
Name of the Vulnerable Software and Affected Versions: LogicData eCommerce Framework version 5.0.9.7000 Description: An authenticated arbitrary file upload issue exists in the Content Explorer feature. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations: A...
CVE-2025-52337
An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-52338
CVE-2025-52338 affects LogicData eCommerce Framework (v5.0.9.7000). The vulnerability stems from a misconfigured default in the password reset function, enabling an attacker to bypass authentication and compromise user accounts via brute-force attempts. CVSS v3.1 base score 5.3 (Network, Low atta...
PT-2025-33852 · Logicdata · Logicdata Ecommerce Framework
Name of the Vulnerable Software and Affected Versions: LogicData eCommerce Framework version 5.0.9.7000 Description: An issue in the default configuration of the password reset function allows attackers to bypass authentication and compromise user accounts via a bruteforce attack. Recommendations...
LogicData eCommerce Framework 安全漏洞
LogicData eCommerce Framework is an eCommerce middleware from LogicData Corporation. A security vulnerability exists in LogicData eCommerce Framework version v5.0.9.7000, which originates from an authenticated, arbitrary file upload in the Content Explorer feature and could lead to the execution ...
CVE-2024-40633
Summary: CVE-2024-40633 affects Sylius (Symfony-based) in the /api/v2/shop/adjustments/{id} endpoint. The flaw enables an attacker to enumerate valid adjustment IDs and retrieve order tokens, potentially exposing sensitive guest customer order details. Affected/Root cause: Unauthenticated access ...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
Spoofing
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...
CVE-2024-21665 Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...
CVE-2024-21665 Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...
Pimcore Security Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, ecommerce framework and product information management applications. A security vulnerability exists in Pimcore...
GHSA-CX99-25HR-5JXF Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
Summary An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Details Permissions do not seem to be enforced when reaching the admin/ecommerceframework/admin-order/list endpoint allowing an authenticated user without the...
PT-2024-19007 · Pimcore · Pimcore Ecommerce Framework Bundle
Name of the Vulnerable Software and Affected Versions: Pimcore Ecommerce Framework Bundle versions prior to 1.0.10 Description: The issue allows an authenticated and unauthorized user to access the back-office orders list and query over the information returned due to a lack of enforced access...