47 matches found
PT-2024-10622 · Unknown · Coingate Plugin
Name of the Vulnerable Software and Affected Versions: CoinGate Plugin versions up to 1.2.7. Description: A vulnerability was found in the CoinGate Plugin, affecting the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. This issue...
PT-2024-26284 · Channable · Channable
Name of the Vulnerable Software and Affected Versions: Channable for PrestaShop versions up to 3.2.1. Description: The issue allows a guest to perform SQL injection via the ChannableFeedModuleFrontController::postProcess function. Recommendations: For versions up to 3.2.1, consider disabling the...
Local File Inclusion (LFI)
gradio is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper input validation in the postprocess function within json_component.py, where a user-controlled string is parsed as JSON, which can be exploited to read arbitrary files on the remote system...
PYSEC-2024-184
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed JSON...
CVE-2024-4941
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed JSON...
CVE-2024-4941
The CVE-2024-4941 issue affects gradio-app/gradio v4.25, specifically the JSON component. The root cause is improper input validation in gradio/components/json_component.py: a user-controlled string is parsed as JSON in postprocess(), and if a dict contains a path key, processing_utils.move_files...
Gradio Input Validation Error Vulnerability
Gradio is an open source Python library for demonstrating machine learning models through a friendly web interface. An input validation error vulnerability exists in Gradio version 4.25, which stems from improper input validation in the postprocess function, where the path field can be...
CVE-2024-26469
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" productdesigner module for PrestaShop before version 1.178.36 allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess method...
CVE-2024-25842
An issue in Presta World "Account Manager - Sales Representative & Dealers - CRM" prestasalesmanager module for PrestaShop before version 9.0 allows remote attackers to escalate privileges and obtain sensitive information via the uploadLogo and postProcess methods...
CVE-2024-24302
An issue in Tunis Soft "Product Designer" productdesigner module for PrestaShop before version 1.178.36 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess method...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability previously existed in PrestaShop Product Designer version 1.178.36, which stemmed from a...
PT-2024-20345 · Prestashop · Prestashop Product Designer Module
Name of the Vulnerable Software and Affected Versions: PrestaShop Product Designer module versions prior to 1.178.36. Description: An issue in the Product Designer module for PrestaShop allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the...
CVE-2023-45375
In the module "PireosPay" pireospay before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via PireosPayValidationModuleFrontController::postProcess...
PT-2023-29532 · Pireospay +1 · Pireospay +1
Name of the Vulnerable Software and Affected Versions: PireosPay versions prior to 1.7.10. Description: A SQL injection issue exists in the PireosPay module for PrestaShop, where a guest can perform SQL injection via the PireosPayValidationModuleFrontController::postProcess function...
DEBIAN-CVE-2020-19189
Buffer Overflow vulnerability in postprocessterminfo function in tinfo/parseentry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...
ncurses Buffer Error Vulnerability
ncurses is a character terminal processing library that provides a set of functions that can be called by the user to generate a text-based user interface. A security vulnerability exists in ncurses version 6.1 due to a buffer overflow in the postprocessterminfo method of tinfo/parseentry.c. The...