3 matches found
PraisonAI has Template Injection in Agent Tool Definitions
Summary: Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. Details: The createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user inpu...
Admidio Cross-Site Request Forgery Vulnerability
Admidio is an open-source member management system developed by the Admidio team. It supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.8 contain a cross-site request forgery vulnerability. This...
Shopify: H1514 Wholesale customer without checkout permission can complete purchases
Summary: By default, Shopify Wholesale customers are prevented from immediately checking out: F360280. Instead, a store admin must approve each order before the customer can pay. This restriction can be bypassed, allowing a customer to check out orders without prior approval. This also bypasses an...