27 matches found
CVE-2026-45247
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-45247link is external Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector...
Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie...
VulnCheck KEV: CVE-2026-45247
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
CVE-2026-45247
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
CVE-2026-45247
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
CVE-2026-45247
Summary: CVE-2026-45247 affects Mirasvit Full Page Cache Warmer for Magento 2 (pre‑1.11.12). The vulnerability arises from an unsafe PHP deserialization: a crafted serialized object placed in the CacheWarmer cookie is passed to PHP’s unserialize() without class restrictions, enabling unauthentica...
CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
EUVD-2026-31837
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
Mirasvit Full Page Cache Warmer for Magento 2 代码问题漏洞
Mirasvit Full Page Cache Warmer for Magento 2 is a caching preheating extension developed by the American company Mirasvit for Magento 2. Versions prior to 1.11.12 of Mirasvit Full Page Cache Warmer for Magento 2 contained a code vulnerability. This vulnerability stemmed from the lack of...
PT-2026-43258
Name of the Vulnerable Software and Affected Versions Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description An issue exists where unauthenticated attackers can achieve remote code execution by providing a crafted serialized PHP object within the CacheWarmer cookie...
EUVD-2017-5823
Malware in sbrugna...
EUVD-2017-5824
Malware in sbrugna...
VulnCheck KEV: CVE-2017-14321
Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...
Mirasvit Helpdesk MX Cross-Site Scripting Vulnerability
Mirasvit Helpdesk MX is a set of extension support platform for Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A cross-site scripting vulnerability exists in the administration interface of Mirasvit Helpdesk MX versions prior to 1.5.3. A...
Mirasvit Helpdesk MX Code Execution Vulnerability
Mirasvit Helpdesk MX is a set of extension support platform for Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A security vulnerability exists in Mirasvit Helpdesk MX versions prior to 1.5.3. A remote attacker can exploit the vulnerabili...
CVE-2017-14320
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files...
Code injection
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files...