CVE-2018-19186

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter...

PAYFORT payfort-php-SDK cross-site scripting vulnerability (CNVD-2019-08574)

PayFort is an online payment gateway. payfort-php-SDK is the PayFort payment gateway SDK. A cross-site scripting vulnerability exists in Amazon PAYFORT payfort-php-SDK on 2018-04-26 and earlier versions, which can be exploited by an attacker via the route.php paymentMethod parameter to conduct a...

VirtueMart com_virtuemart component SQL injection vulnerability in Joomla!

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, it provides RSS feeds , site search and other features . VirtueMart comvirtuemart is one of the e-commerce components . A SQL injection vulnerability exists in version 3.0.14 of the Joomla!...

Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and executd arbitrary commands via the 1 paymentmethod parameter to core/app/controllers/spree/admin/ paymentmethodscontroller.rb; and the 2 promotionaction parameter to...