CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...
React Editable Json Tree security vulnerability
React Editable Json Tree is a library maintained by the individual developer Havrileck Alexandre. A security vulnerability exists in React Editable Json Tree versions prior to 2.2.2, stemming from the ability to parse and execute arbitrary code via the eval function...
PT-2022-23110 · Unknown · React-Editable-Json-Tree
Name of the Vulnerable Software and Affected Versions: react-editable-json-tree versions =3.0.0, no...
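The parsing behaviour the react-editable-json-tree entries above describe, as an added example rather than the library's own code: a value parser that hands any string beginning with "function" to eval, next to a hardened parser that keeps such text as data. The function names, the `witness` object, the payload and the parenthesised eval wrapping are all constructed for this example.

```javascript
// Added example, not code from react-editable-json-tree. It reproduces the
// behaviour the advisory describes (strings that begin with "function" are
// passed to eval) beside a hardened variant that never evaluates text.
// parseValueUnsafe, parseValueSafe, runParser, witness and PAYLOAD are
// constructed for this example.

// Stands in for whatever the page's JavaScript can reach: cookies, tokens,
// the DOM. A direct eval sees it through the enclosing scope chain.
const witness = { executed: false };

// Constructed attacker value: it begins with "function" as the check requires,
// and the trailing "()" makes the wrapped expression invoke itself at once.
const PAYLOAD = 'function () { witness.executed = true; return 42; }()';

// Vulnerable pattern: text that looks like a function is evaluated as code.
// The parenthesised wrapping is an assumption; any form that evaluates the raw
// text gives the attacker the same result.
function parseValueUnsafe(raw) {
  if (typeof raw === 'string' && raw.trim().startsWith('function')) {
    // eslint-disable-next-line no-eval
    return eval('(' + raw + ')');
  }
  try { return JSON.parse(raw); } catch { return raw; }
}

// Hardened: function-looking text is stored as tagged data so the tree can
// still render it distinctly, and is never passed to eval or new Function.
function parseValueSafe(raw) {
  if (typeof raw === 'string' && raw.trim().startsWith('function')) {
    return { type: 'function-text', source: raw };
  }
  try { return JSON.parse(raw); } catch { return raw; }
}

// Runs one parser over the payload and reports whether attacker code ran.
function runParser(parser) {
  witness.executed = false;
  const value = parser(PAYLOAD);
  return { executed: witness.executed, value };
}

console.log('unsafe:', runParser(parseValueUnsafe));
console.log('safe:  ', runParser(parseValueSafe));
```

The hardened parser loses nothing the JSON model needs: a JSON document cannot carry a function value anyway, so the only thing eval ever added was the ability to run whatever text the editor's user typed.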
SQL injection
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
CVE-2022-31181 Remote code execution in PrestaShop
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
CVE-2022-31181
PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection flaw caused by unsanitized user input, which can be chained to call PHP's eval function. The vulnerability can lead to remote code execution and is fixed in 1.7.8.7. Upgrading to 1.7.8.7 or later is the recommended remediation;...
EUVD-2022-6354
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
SQL Injection
PrestaShop is vulnerable to SQL injection. The vulnerability is due to the file config/smarty.config.inc.php improperly neutralizing SQL code. An attacker can chain this vulnerability to call the PHP eval function and execute arbitrary code...
GHSA-HRGX-P36P-89Q4 PrestaShop eval injection possible if shop vulnerable to SQL injection
Impact: Eval injection is possible if the shop is vulnerable to an SQL injection. Patches: The problem is fixed in version 1.7.8.7. Workarounds: Delete the MySQL Smarty cache feature by removing these lines in the file config/smarty.config.inc.php (lines 43-46 in PrestaShop 1.7, or 40-43 in PrestaShop 1.6): php ...
node-import `params` argument can be controlled by users without any sanitization
This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file index.js...
SQL Injection
prestashop/prestashop is vulnerable to SQL injection. An attacker is able to execute arbitrary SQL queries on the target system by sending specially crafted input through the vulnerable fetch and save methods, which in turn call PHP's eval function...
DEBIAN-CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users and is passed to the eval function without any sanitization...
CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users and is passed to the eval function without any sanitization...
Code injection via eval
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users and is passed to the eval function without any sanitization...
Design/Logic Flaw
This affects all versions of package node-import. The "params" argument of the module function can be controlled by users without any sanitization. This is then provided to the "eval" function located on line 79 of the index file "index.js"...
UBUNTU-CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users and is passed to the eval function without any sanitization...
CVE-2020-7678 Arbitrary Code Execution
This affects all versions of package node-import. The "params" argument of the module function can be controlled by users without any sanitization. This is then provided to the "eval" function located on line 79 of the index file "index.js"...
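The pattern behind the thenify and node-import entries above (a caller-controlled string spliced into JavaScript source that is then evaluated), as an added example that is neither package's own code. It builds a named wrapper function the way such libraries do, shows how a crafted "name" runs code at eval time, and puts two fixes beside it: validating the value as a bare identifier before generating source, and naming the function without generating source at all. Every name in the block (`makeNamedWrapperUnsafe`, `makeNamedWrapperSafe`, `makeNamedWrapperNoEval`, `tryInjection`, `probe`, `INJECTED_NAME`) and the source template are constructed for this example and do not describe either library's actual implementation.

```javascript
// Added example, not thenify's or node-import's own code. It reproduces the
// pattern both advisories describe (a caller-controlled value concatenated
// into JavaScript source that is passed to eval) and shows two fixes.
// makeNamedWrapperUnsafe, makeNamedWrapperSafe, makeNamedWrapperNoEval,
// tryInjection, probe and INJECTED_NAME are constructed for this example.

// Stands in for anything reachable from the evaluating module's scope.
const probe = { hit: false };

// Vulnerable: the name is concatenated into source and evaluated. Nothing
// checks that it is a plain identifier.
function makeNamedWrapperUnsafe(fn, name) {
  const src = '(function ' + name + '() { return fn.apply(this, arguments); })';
  // eslint-disable-next-line no-eval
  return eval(src);
}

// Constructed injection. It closes the intended function expression, runs a
// statement, then opens a new function so the rest of the template still
// parses. eval returns that last function, so the caller still gets a wrapper
// that works and nothing looks wrong.
const INJECTED_NAME = 'x() {}); probe.hit = true; (function y';

// Fix 1: accept only a syntactic identifier before building source. A keyword
// such as "return" passes the regex but makes the template a SyntaxError,
// which is thrown by eval before any statement runs.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
function makeNamedWrapperSafe(fn, name) {
  if (typeof name !== 'string' || !IDENTIFIER.test(name)) {
    throw new TypeError('function name must be an identifier, got ' + JSON.stringify(name));
  }
  const src = '(function ' + name + '() { return fn.apply(this, arguments); })';
  // eslint-disable-next-line no-eval
  return eval(src);
}

// Fix 2: generate no code at all. A function's own "name" property is
// configurable, so the wrapper can be named after creation.
function makeNamedWrapperNoEval(fn, name) {
  const wrapper = function () { return fn.apply(this, arguments); };
  Object.defineProperty(wrapper, 'name', { value: String(name), configurable: true });
  return wrapper;
}

// Runs one factory against the injected name and reports what happened.
function tryInjection(factory) {
  probe.hit = false;
  let wrapper = null;
  let error = null;
  try {
    wrapper = factory((a, b) => a + b, INJECTED_NAME);
  } catch (e) {
    error = e.constructor.name;
  }
  return {
    hit: probe.hit,                          // did attacker code run?
    name: wrapper ? wrapper.name : null,     // what is the wrapper called?
    result: wrapper ? wrapper(2, 3) : null,  // does the wrapper still work?
    error,
  };
}

console.log('unsafe :', tryInjection(makeNamedWrapperUnsafe));
console.log('safe   :', tryInjection(makeNamedWrapperSafe));
console.log('no-eval:', tryInjection(makeNamedWrapperNoEval));
```

The unsafe factory is the instructive case: the injected name leaves it with a perfectly functional wrapper named `y`, so a unit test that only checks the wrapper's behaviour would never notice that a statement of the caller's choosing ran during construction. Of the two fixes, the one that avoids code generation entirely is preferable; identifier validation is the fallback when generated source is genuinely required.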