55 matches found
CVE-2022-22897
A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data...
CVE-2022-22897
CVE-2022-22897 describes a SQL injection in the ApolloTheme AP PageBuilder for PrestaShop up to version 2.4.4, affecting the parameters product_all_one_img and image_product . Unauthenticated attackers could exfiltrate database data by exploiting this vulnerability. The NVD/Nuclei entries confirm...
PrestaShop Ap Pagebuilder SQL注入漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image zoom. A security vulnerability exists in PrestaShop Ap Pagebuilder 2.4.4 and earlier versions...
PrestaShop Ap Pagebuilder 2.4.4 SQL Injection Vulnerability
Exploit Title: AP PAGEBUILDER Prestashop module = 2.4.4 'productalloneimg' , 'imageproduct' Blind SQL Injection Exploit Author: Mohamed Ali Hammami Vendor Homepage: https://apollotheme.com/ Software Link : https://apollotheme.com/products/ap-pagebuilder-prestashop-module Version: 2.4.4 Tested on:...
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods...
GHSA-VPG9-GQ7J-MXQG Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods...
WordPress Magic Content for Siteorigins Pagebuilder plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Magic Content for Siteorigins Pagebuilder plugin versions = 1.0.1. Solution No patched version available...
WordPress Pootle Pagebuilder – WordPress Page builder plugin <= 5.7.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Pootle Pagebuilder – WordPress Page builder plugin versions = 5.7.0. Solution Update the WordPress Pootle Pagebuilder – WordPress Page builder plugin to the latest available version at least 5.7.1...
WordPress Pootle Pagebuilder – WordPress Page builder plugin <= 5.7.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Pootle Pagebuilder – WordPress Page builder plugin versions = 5.7.0. Solution Update the WordPress Pootle Pagebuilder – WordPress Page builder plugin to the latest available version at least 5.7.1...
CVE-2019-8144
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods...
CVE-2019-8144
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods...
Remote code execution
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods...
CVE-2019-8144
Magento 2.3 (before 2.3.3 or 2.3.2-p1) is affected by a remote code execution vulnerability via PageBuilder template methods. An unauthenticated attacker can supply a payload to achieve RCE. Mitigation is to apply the Magento security patch 2.3.3 (and 2.2.10) as cited in security advisories; no e...
PRODSECBUG-2392: Cross-Site Scripting via PageBuilder Banner
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...