EUVD-2020-26483

Malware in sbrugna...

EUVD-2022-3286

Malicious code in bioql PyPI...

CVE-2020-5288

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image zoom and other features. A SQL injection vulnerability exists in PrestaShop preorderandnotication 3.1.0 and earlier version...

Withdrawn Advisory: Magento 2 Community Edition RCE Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description In Magento prior to 1.9.4.3, and Magento prior to...

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript...

GHSA-94FC-RXHV-VVF8 Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript...

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution RCE. The vulnerability exists as an admin user can generate SOAP credentials that can be used to cause RCE with a PHP Object Injection flaw through the product attributes...

CVE-2020-15244

In Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVE-2020-5288

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5...

CVE-2020-5288

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5...

Improper access control

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5...

CVE-2020-5288

CVE-2020-5288 affects PrestaShop versions 1.7.0.0–1.7.6.5, with improper access controls on the product attributes page. The root cause is access control misconfigurations that could expose resources to unauthorized roles. The issue is fixed in version 1.7.6.5. No exploitation details are provide...

CVE-2020-5288 Improper access control on product attributes page in PrestaShop

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5...

Code injection

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates...

CVE-2019-8229

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates...

CVE-2019-8091

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution...

CVE-2019-8091

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution...

CVE-2019-8091

CVE-2019-8091 is a remote code execution vulnerability in Magento 1.x prior to 1.9.4.3 and Magento 1.14.4.3. An authenticated admin user with privileges to access product attributes can exploit layout updates to trigger code execution. Affected products: Magento Open Source before 1.9.4.3 and Mag...

CVE-2019-7937

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript...