AbanteCart Security Vulnerability
AbanteCart is an open-source, PHP-based e-commerce platform. A security vulnerability exists in AbanteCart version 1.4.0, which originates from a SQL injection vulnerability in the update function in public_html/admin/controller/responses/listing_grid/collections.php...
CVE-2024-50801
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter...
CVE-2024-50802
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter...
PT-2024-34413 · Unknown · Abantecart
Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.0 Description: A SQL Injection issue was discovered in the update function in public_html/admin/controller/responses/listing_grid/email_templates.php. The issue is exploitable via the id parameter. Recommendations: For...
CVE-2024-50801
CVE-2024-50801 and CVE-2024-50802 describe SQL Injection in AbanteCart 1.4.0 via the update() function. For CVE-2024-50801, the vulnerability is in public_html/admin/controller/responses/listing_grid/collections.php (id parameter). For CVE-2024-50802, it is in public_html/admin/controller/respons...
CVE-2024-50802
CVE-2024-50802 is a SQL Injection affecting AbanteCart 1.4.0, specifically in the update() function of public_html/admin/controller/responses/listing_grid/email_templates.php, exploitable via the id parameter. Related records (Red Hat, OSV, NVD, CVE lists) corroborate a vulnerability in AbanteCar...
AbanteCart Security Vulnerability
AbanteCart is an open-source, PHP-based e-commerce platform. A security vulnerability exists in AbanteCart version 1.4.0, which originates from a SQL injection vulnerability in the update function in public_html/admin/controller/responses/listing_grid/email_templates.php...
CVE-2024-46376
CVE-2024-46376 affects Best House Rental Management System 1.0. The vulnerability is an arbitrary file upload in the update_account() function of the file rental/admin_class.php. Connected sources corroborate the issue across multiple feeds (NVD, Red Hat, CNNVD, CVE lists). The root cause describ...
GHSA-XXQW-83C7-R24R FeehiCMS file upload vulnerability
A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLinkimage leads to unrestricted upload. It is possible to initiate the attack...
PT-2024-38921 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS versions up to 2.1.1 Description: A critical vulnerability was found in FeehiCMS, affecting the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLinkimage leads to...
CVE-2024-6754
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wpwautoposterupdatetweettemplate’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2023-52680
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to ctlget. The ctlget functions which call scarlett2update were not checking the return value. Fix to check the return value and pass to the caller...
CVE-2024-32236
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component...
PT-2024-24468 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: CmsEasy versions 7.7 and earlier Description: The issue allows a remote attacker to obtain sensitive information via the update function in the "index.php" component. Recommendations: For CmsEasy versions 7.7 and earlier, update to a version...
CmsEasy Security Vulnerability
CmsEasy is a content management system (CMS) for creating responsive websites, from China's Jiuzhou ET Technology. A security vulnerability exists in CmsEasy v.7.7 and prior versions, which originates from allowing remote attackers to obtain sensitive information via the update function in t...
CVE-2024-32236
CmsEasy CVE-2024-32236 affects CmsEasy v7.7 and earlier. The issue resides in the update function of the index.php component, enabling a remote attacker to obtain sensitive information (information disclosure). Affected versions should be updated to a version later than 7.7 to resolve the issue. ...
CVE-2024-0447
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with...