Lucene search
K

110 matches found

Github Security Blog
Github Security Blog
added 2024/12/18 9:30 p.m.23 views

Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references. Original Description OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...

7.2CVSS7.3AI score0.00887EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2024/12/18 8:40 p.m.1 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Theme Editor due to improper sanitization. An attacker can manipulate server-side templates and execute arbitrary...

7.5CVSS7.8AI score0.00887EPSS
Exploits1References2
NVD
NVD
added 2024/12/18 8:15 p.m.13 views

CVE-2024-36694

OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...

7.2CVSS0.00887EPSS
Exploits1References5
OSV
OSV
added 2024/12/18 12:0 a.m.12 views

CVE-2024-36694

OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...

7.2CVSS7AI score0.00887EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/12/18 12:0 a.m.11 views

CVE-2024-36694

OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...

7.1AI score0.00887EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.6 views

OpenCart 安全漏洞

OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.0.2.3, which stems from a server-side template injection that can be performed...

7.2CVSS6.9AI score0.00887EPSS
Exploits1References4
CVE
CVE
added 2024/12/18 12:0 a.m.65 views

CVE-2024-36694

OpenCart 4.0.2.3 is affected by a Server-Side Template Injection (SSTI) in the Theme Editor Function. The root cause is improper validation/sanitization of user input within the Theme Editor, allowing server-side template code execution. Documented impact indicates potential high severity with se...

7.2CVSS7.5AI score0.00887EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/12/18 12:0 a.m.26 views

CVE-2024-36694

OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...

0.00887EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2024/11/21 1:36 p.m.109 views

Exploit for CVE-2024-4439

CVE-2024-4439 CVE-2024-4439: Docker and POC Lab Setting...

7.2CVSS7.1AI score0.70822EPSS
Exploits4
OSV
OSV
added 2024/08/29 11:15 a.m.5 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS5.9AI score0.0074EPSS
Exploits0References3
NVD
NVD
added 2024/08/29 11:15 a.m.8 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS0.0074EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/08/29 11:15 a.m.2 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS6AI score0.0074EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/29 3:30 a.m.22 views

CVE-2022-2440 Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS0.0074EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/08/29 12:59 a.m.5 views

WordPress Theme Editor plugin <= 2.8 - Authenticated (Admin+) PHAR Deserialization vulnerability

Authenticated Admin+ PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Plugin Theme Editor versions = 2.8...

7.2CVSS7AI score0.0074EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/29 12:0 a.m.12 views

WordPress Theme Editor Plugin <= 2.8 is vulnerable to PHP Object Injection

Software Theme Editor Type Plugin Vulnerable versions = 2.8 Fixed in 2.9 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2440 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID b13ac324d817 Credits Rasoul Jahanshahi Required privilege Administrator...

7.2CVSS6.9AI score0.0074EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.6 views

WordPress plugin Theme Editor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Theme Edit...

7.2CVSS7AI score0.0074EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.6 views

PT-2024-11529 · WordPress · Theme Editor

Name of the Vulnerable Software and Affected Versions: Theme Editor plugin for WordPress versions up to, and including 2.8 Description: The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the images array parameter. This makes it possible for authenticate...

7.2CVSS6.5AI score0.0074EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/08/06 12:31 p.m.20 views

CVE-2024-7551 juzaweb CMS Theme Editor default path traversal

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploi...

5.1CVSS7AI score0.00881EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/08/06 12:31 p.m.23 views

CVE-2024-7551 juzaweb CMS Theme Editor default path traversal

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploi...

5.1CVSS0.00881EPSS
Exploits1References4
OSV
OSV
added 2024/08/06 12:31 p.m.7 views

CVE-2024-7551 juzaweb CMS Theme Editor default path traversal

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploi...

5.1CVSS4.8AI score0.00881EPSS
Exploits1References6
Rows per page
Query Builder