8 matches found
CVE-2022-0472
Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...
EUVD-2022-0844
Malicious code in bioql PyPI...
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
jsdecena/laracom prior to version 2.0.9 is vulnerable to Unrestricted Upload of File with Dangerous Type...
CVE-2022-0472
Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...
CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...
CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...
CVE-2022-0472
CVE-2022-0472 affects the Packagist package jsdecena/laracom prior to version 2.0.9. The root cause is an Unrestricted Upload of File with Dangerous Type, enabling an attacker with a valid account (per the Huntr PoC) to upload files such as HTML that can contain scripts. This can lead to content...
in jsdecena/laracom
Description: Hi there, I would like to report a vulnerability that allows a hacker to upload a dangerous file type in jsdecena/laracom. The attacker must have an account with permission to Edit Product, e.g. the Clerk role. Then, he can upload a malicious file with extensions such as html, svg,... which leads t...