CVE-2026-5798
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee (first names, last...
CVE-2026-5790 Stored Cross-Site Scripting (XSS) vulnerability in Stel Order
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...
CVE-2026-5798
CVE-2026-5798 affects Stel Order v3.25.1 and earlier. The vulnerability is an unsafe object reference (IDOR) in the /app/FrontController endpoint, exploitable by manipulating the employeeID parameter in requests. An authenticated attacker could access information about any employee (e.g., first n...
EUVD-2026-30269
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee (first names, last...
EUVD-2023-34616
Malicious code in bioql PyPI...
CVE-2023-30149
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 for PrestaShop 1.5/1.6 or prior to version 2.0.3 for PrestaShop 1.7, allows remote attackers to execute arbitrary SQL commands via the type, inputname, or q...
Cache Poisoning
ezsystems/ezplatform is vulnerable to cache poisoning. The vulnerability is due to the inability to prevent front-controller script inclusion in URLs when using eZ Platform Cloud or within the .platform.app.yaml configuration file. It allows an attacker to manipulate the cache and potentially ser...
PT-2024-26278 · Unknown · Rsi Pdf/Html Catalog Evolution
Name of the Vulnerable Software and Affected Versions: RSI PDF/HTML catalog evolution prestapdf versions = 7.0.0 Description: A SQL injection issue exists, allowing a guest to perform SQL injection via the PrestaPDFProductListModuleFrontController::queryDb function. Recommendations: For versions ...
GHSA-QHJC-HG94-245V eZ Platform Prevent accepting app.php in URL in Platform.sh
The recommended rewrite rules in eZ Platform prevent users from including the front-controller script normally "app.php" in URLs. This prevents certain vulnerabilities related to caching. However, this is not possible when using eZ Platform Cloud i.e. running eZ Platform on the Platform.sh cloud...
PT-2024-40432 · Ez Systems · Ez Platform
Name of the Vulnerable Software and Affected Versions: ezsystems/ezplatform versions 1.7.9, 1.13.5 and 2.5.4. Description: The issue is related to caching vulnerabilities when the front-controller script is included in URLs. This is particularly problematic...
PrestaShop SQL injection vulnerability
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts, and product image scaling. A SQL injection vulnerability exists in PrestaShop autosuggest versions prior to 2.0.0, which stems from a...
CVE-2024-28393
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess method...
Scalapay security vulnerability
Scalapay is an e-commerce software from Scalapay Inc. A security vulnerability exists in Scalapay v.1.2.41 and earlier versions that stems from the presence of a SQL injection vulnerability. An attacker can exploit the vulnerability to escalate privileges via the...
PT-2024-22413 · Scalapay · Scalapay
Name of the Vulnerable Software and Affected Versions: Scalapay versions 1.2.41 and earlier Description: The issue allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess method. This is a SQL injection vulnerability. Recommendations: For Scalapay...
PT-2024-22412 · Unknown · Pscartabandonmentpro
Name of the Vulnerable Software and Affected Versions: pscartabandonmentpro versions 2.0.11 and earlier Description: The issue allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized method. This is a SQL injectio...
PrestaShop security vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the application...
CVE-2023-48925
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run...
PT-2023-27702 · Kerawen · Kerawen
Name of the Vulnerable Software and Affected Versions: Kerawen versions prior to 2.5.1 Description: The issue is related to a SQL injection vulnerability. It occurs via the ocs id cart parameter at the KerawenDeliveryModuleFrontController::initContent function. Recommendations: For versions prior...