18 matches found
@elgentos/magento2-dev-mcp vulnerable to command injection
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...
CVE-2026-5603
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...
CVE-2026-5603
Summary (CVE-2026-5603) : A vulnerability in elgentos magento2-dev-mcp (up to 1.0.2) affects the function executeMagerun2Command in the file src/index.ts , enabling a local OS command injection . The issue is exploitable locally with a publicly available exploit. The patch identifier is aa1ffcc0a...
CVE-2026-5603 elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...
PT-2026-30513
Name of the Vulnerable Software and Affected Versions elgentos magento2-dev-mcp versions up to 1.0.2 Description A flaw exists in elgentos magento2-dev-mcp up to version 1.0.2 due to a command injection issue within the executeMagerun2Command function located in the src/index.ts file. This...
EUVD-2022-5397
Malicious code in bioql PyPI...
Exploit for Improper Input Validation in Adobe Commerce
CVE-2022-24086 CVE-2022-24086 POC example provided by BurpRoot...
GHSA-VPQ9-C67Q-23FQ Fastly Magento2 sensitive information disclosure
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses...
Fastly Magento2 sensitive information disclosure
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses...
Observable Timing Discrepancy in OpenMage LTS
Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...
GHSA-CRF2-XM6X-46P6 Observable Timing Discrepancy in OpenMage LTS
Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...
Authentication Bypass
cardgate/magento2 is vulnerable to authentication bypass. The Instant Payment Notification IPN callback processing function in Controller/Payment/Callback.php fails to authenticate the origin of IPN callback requests, allowing an attacker to spoof payments by sending the request with a valid...
PHP 7.0.x < 7.0.4 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.4. It is, therefore, affected by multiple vulnerabilities : - A type confusion error exists in file ext/soap/phphttp.c in the makehttpsoaprequest function when handling cookie data. An...
CVE-2017-13761
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses...
CVE-2017-13761
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses...
Authentication flaw
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses...
CVE-2017-13761
The CVE-2017-13761 issue affects the Fastly CDN module for Magento 2 prior to 1.2.26. When this module is used with a third-party authentication plugin, remote authenticated users may obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses. Aff...
CVE-2017-13761
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses...