
4 matches found

CNNVD
added 2026/05/15 12:0 a.m., 6 views

magento-lts input validation error vulnerability

Magento LTS is an open-source alternative to Magento CE, designed to be a reliable replacement for the official Magento version. Versions of Magento LTS prior to 20.18.0 contained a vulnerability related to input validation. This vulnerability stemmed from the...

CVSS 6.1, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 1
Positive Technologies
added 2026/05/05 12:0 a.m., 7 views

PT-2026-37254

Summary: Mage_ProductAlert_AddController::stockAction reads the uenc query parameter and passes it directly to $this->_redirectUrl($backUrl) without calling $this->_isUrlInternal(). When the supplied product id does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to...

CVSS 6.1, AI score 6, EPSS 0.00029
Exploits: 0, References: 4
ATTACKERKB
added 2022/03/29 6:0 p.m., 4 views

CVE-2022-23798

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not...

CVSS 6.1, AI score 6.4, EPSS 0.00033
Exploits: 0, References: 2, Affected Software: 1
Gentoo Linux
added 2005/06/23 12:0 a.m., 12 views

sudo: Arbitrary command execution

Background: sudo allows a system administrator to give users the ability to run commands as other users. Description: The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of a...

AI score 2.6
Exploits: 0