110 matches found
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references. Original Description OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...
Improper Neutralization of Special Elements Used in a Template Engine
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Theme Editor due to improper sanitization. An attacker can manipulate server-side templates and execute arbitrary...
CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...
CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...
CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...
OpenCart 安全漏洞
OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.0.2.3, which stems from a server-side template injection that can be performed...
CVE-2024-36694
OpenCart 4.0.2.3 is affected by a Server-Side Template Injection (SSTI) in the Theme Editor Function. The root cause is improper validation/sanitization of user input within the Theme Editor, allowing server-side template code execution. Documented impact indicates potential high severity with se...
CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection SSTI via the Theme Editor Function...
Exploit for CVE-2024-4439
CVE-2024-4439 CVE-2024-4439: Docker and POC Lab Setting...
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
CVE-2022-2440 Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
WordPress Theme Editor plugin <= 2.8 - Authenticated (Admin+) PHAR Deserialization vulnerability
Authenticated Admin+ PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Plugin Theme Editor versions = 2.8...
WordPress Theme Editor Plugin <= 2.8 is vulnerable to PHP Object Injection
Software Theme Editor Type Plugin Vulnerable versions = 2.8 Fixed in 2.9 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2440 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID b13ac324d817 Credits Rasoul Jahanshahi Required privilege Administrator...
WordPress plugin Theme Editor 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Theme Edit...
PT-2024-11529 · WordPress · Theme Editor
Name of the Vulnerable Software and Affected Versions: Theme Editor plugin for WordPress versions up to, and including 2.8 Description: The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the images array parameter. This makes it possible for authenticate...
CVE-2024-7551 juzaweb CMS Theme Editor default path traversal
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploi...
CVE-2024-7551 juzaweb CMS Theme Editor default path traversal
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploi...
CVE-2024-7551 juzaweb CMS Theme Editor default path traversal
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploi...