9840 matches found
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
PRODSECBUG-2407: Remote code execution due to unsafe PHP archieve deserialization in the import functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
SugarCRM PHP Object Injection Vulnerability
SugarCRM is a set of open source customer relationship management software . A PHP object injection vulnerability exists in the import module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...
PRODSECBUG-2462: Remote code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2462: Remote code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2223: Remote code execution when using functionality that imports a new product
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2462: Remote code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
CVE-2019-17232
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
CVE-2019-17232
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
CVE-2019-17233
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...
CVE-2019-17232
CVE-2019-17232 affects the WordPress plugin Ultimate FAQs up to version 1.8.24. The vulnerability occurs in Functions/EWD_UFAQ_Import.php, allowing unauthenticated users to import options (and, per related sources, potentially export/import configurations) without authentication. This can enable ...
CVE-2019-17232
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
EUVD-2019-7649
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
CVE-2019-17316
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
CVE-2019-17316
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
CVE-2019-17316
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
CVE-2019-17316
CVE-2019-17316 affects SugarCRM: versions prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is a PHP object injection in the Import module exploitable by a regular user, due to insufficient input validation. Multiple connected sources (Red Hat, CNVD, CVE list) confirm the affected versions...
PT-2019-15079 · Sugarcrm · Sugarcrm
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4 SugarCRM versions 9.x prior to 9.0.2 Description: The issue allows PHP object injection in the Import module by a Regular user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version 8.0.4 or...
[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.1-1.fc29
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...