CVE-2019-7871

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

EUVD-2022-5282

Malicious code in bioql PyPI...

Cross-Site Scripting (XSS)

yikesinc/yikes-inc-easy-mailchimp-extender is vulnerable to cross-site scripting. The vulnerability exists because of unsanitized form data used in the addfieldtoform.php, allowing an attacker to inject and execute malicious JavaScript...

GHSA-V527-6H5R-CFG8 Magento 2 Community Edition Unsafe File Upload

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

Magento 2 Community Edition Unsafe File Upload

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed. Version 3.2.0 adressed some of the issues, but was still vulnerable when clicking to edit the...

CVE-2019-7871

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

Security feature bypass

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

CVE-2019-7871

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

CVE-2019-7871

Magento 2.x contains a security bypass that enables arbitrary PHP code execution via form data injection. Affected versions are 2.1 before 2.1.18, 2.2 before 2.2.9, and 2.3 before 2.3.2. The root cause is a bypass of protections that prevent arbitrary PHP script upload, exploitable by an authenti...

PRODSECBUG-2202: Security bypass via form data injection

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

School Event Management System 1.0 Shell Upload

Exploit Title: School Event Management System 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/sems1.zip Version: 1.0...