34 matches found
EUVD-2020-20488
Malware in sbrugna...
EUVD-2020-20489
Malware in sbrugna...
CVE-2020-27997
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross-Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account)...
CVE-2020-27996
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations...
Vulnerability Research Highlights 2021
At SonarSource we are constantly improving our code analyzers to help developers write Clean Code. The detection of severe code vulnerabilities plays an important role in this process so that applications are protected from attacks and security breaches. For this same reason, our research team...
SmartStoreNET - Malicious Message leading to E-Commerce Takeover
SmartStoreNET is the leading open-source e-commerce platform for .NET, which makes it suitable for companies running Windows Server. Next to the operation of an online business, it offers advanced features, such as CRM tools, a blog and a forum. As a result, a SmartStoreNET instance handles highl...
Unspecified Vulnerability in Smartstore SmartStoreNET
Smartstore SmartStoreNET is an open-source e-commerce web platform from the German company Smartstore. The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in SmartstoreNET version 4.1.1. The vulnerability stems from the...
CVE-2020-36365
Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...
CVE-2020-36364
An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...
Open redirect
Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...
CVE-2020-36365
Smartstore (aka SmartStoreNET) before 4.1.0 contains an open redirect vulnerability exploitable via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a logged-in user to a malicious site, potentially enabling phishing or...
CVE-2020-36364
CVE-2020-36364 affects Smartstore/SmartStoreNET prior to 4.1.0. The issue arises in Administration/Controllers/ImportController.cs (ImportController.Create) where a TempFileName field enables path traversal during copy and delete actions. The publicly documented impact is classic path traversal, ...
Smartstore SmartStoreNET Path Traversal Vulnerability
Smartstore SmartStoreNET is an open-source e-commerce web platform from the German company Smartstore. The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in Smartstore versions prior to 4.1.0 that allows path traversal in...
CVE-2021-32608
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...
CVE-2021-32607
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...
Hardcoded credentials
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...
Cross site scripting
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...