
4 matches found

Positive Technologies
added 2026/02/02 12:0 a.m. · 2 views

PT-2026-6481

Summary: A Prototype Pollution vulnerability exists in the npm package locutus 2.0.12. Despite a previous fix that attempted to mitigate Prototype Pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

9.4 CVSS · 6.2 AI score · 0.00021 EPSS
Exploits 1 · References 5
Packet Storm
added 2021/04/16 12:0 a.m. · 555 views

GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution

Exploit Title: GetSimple CMS My SMTP Contact Plugin = v1.1.1 - CSRF to RCE Exploit Author: Bobby Cooke boku Date: April 15th, 2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/extend/download.php?file=files/18274/1221/my-smtp-contact1.1.1.zip&id=1221 Vendor:...

Exploits 0
Veracode
added 2020/09/02 6:12 a.m. · 22 views

Prototype Pollution

locutus is vulnerable to prototype pollution. The vulnerability exists as the php.strings.parse_str function does not restrict __proto__, constructor and prototype headers to be set in objects...

9.8 CVSS · 2.7 AI score · 0.01718 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2020/09/01 12:0 a.m. · 2 views

PT-2020-19741 · Locutus · Locutus

Name of the Vulnerable Software and Affected Versions: locutus versions prior to 2.0.12 Description: The issue concerns Prototype Pollution via the php.strings.parse_str function. This affects the locutus package, allowing for potential manipulation of objects. Recommendations: For versions prior...

9.8 CVSS · 9.4 AI score · 0.01718 EPSS
Exploits 1 · References 7