
1697 matches found

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 37 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 • AI score 7.2 • EPSS 0.01852
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2416: Using vulnerable component that provides abstraction of HTTP specification

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 9.8 • AI score 7.2 • EPSS 0.01239
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 12 views

PRODSECBUG-2419: Bypass of sitemp access restrictions

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 6.5 • AI score 7.2 • EPSS 0.00992
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2418: SQL injection via marketing account with access to email templates variables

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01002
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 13 views

PRODSECBUG-2417: Remote code execution via vulnerable Symphony dependency injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 9.8 • AI score 7.2 • EPSS 0.02455
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2455: Stored cross-site scripting (XSS) from URL in to product page

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2452: User Password is stored in clear

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.3 • AI score 7.2 • EPSS 0.00726
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 14 views

PRODSECBUG-2448: Cross side scripting via admin panel dashboard

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 15 views

PRODSECBUG-2342: Cross-Site Scripting mitigation bypass

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 6.1 • AI score 7.2 • EPSS 0.01476
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 19 views

PRODSECBUG-2332: Remote code execution through arbitrary file inclusion

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01886
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 13 views

PRODSECBUG-2449: Remote code execution via local file delete and XSLT injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 • AI score 7.2 • EPSS 0.01852
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 12 views

PRODSECBUG-2447: Using JS libraries with known security vulnerabilities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 9.8 • AI score 7.2 • EPSS 0.01239
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 13 views

PRODSECBUG-2376: Remote code execution through crafted page layout and image data

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01919
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 15 views

PRODSECBUG-2412: Cross-Site Scripting via Location Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2414: Remote code execution through custom layout update of the content management functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01919
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2309: Server-side request forgery via crafted connector endpoint 

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 • AI score 7.2 • EPSS 0.01714
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 11 views

PRODSECBUG-2290: Cross-Site Scripting via admin panel

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 13 views

PRODSECBUG-2272: XPath Injection via front end rendering functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 9.8 • AI score 7.2 • EPSS 0.01285
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2405: Injection vulnerability via email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 6.5 • AI score 7.2 • EPSS 0.00902
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 9.8 • AI score 7.2 • EPSS 0.02474
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2402: Cross-Site Scripting via Attribute Set Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 12 views

PRODSECBUG-2401: Cross-Site Scripting via Customer Attribute Option Value

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 20 views

PRODSECBUG-2398: Cross-Site Scripting via Customer Attribute Labels

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 11 views

PRODSECBUG-2446: Remote code execution via custom layout update in create product functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01919
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 15 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.3 • AI score 7.2 • EPSS 0.00811
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 14 views

PRODSECBUG-2440: Information disclosure through processing of external XML entities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 4.9 • AI score 7.2 • EPSS 0.00877
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01255
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2410: Cross-Site Scripting via Dynamic block in the Page builder

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 13 views

PRODSECBUG-2444: Missing logs of configuration changes related to design update

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 4.9 • AI score 7.2 • EPSS 0.00964
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 14 views

PRODSECBUG-2470: Remote Code Execution in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01919
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 12 views

PRODSECBUG-2469: Remote Code Execution in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01919
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 11 views

PRODSECBUG-2494: Arbitrary file deletion through design layout update

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 6.5 • AI score 7.2 • EPSS 0.00791
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2489: Cross side scripting during the preview of email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00556
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 13 views

PRODSECBUG-2464: Use of weak cryptographic function

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.3 • AI score 7.2 • EPSS 0.0092
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 15 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 • AI score 7.2 • EPSS 0.01852
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 14 views

PRODSECBUG-2458: Cross-Site Scripting in image file names

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 4.8 • AI score 7.2 • EPSS 0.00552
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 12 views

PRODSECBUG-2485: Information Disclosure via File upload functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8.8 • AI score 7.2 • EPSS 0.01117
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2478: Broken authentication and session management

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 6.5 • AI score 7.2 • EPSS 0.01168
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 15 views

PRODSECBUG-2475: Remote Code Execution through Cross-Site Request Forgery (CSRF)

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 8 • AI score 7.2 • EPSS 0.00854
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 15 views

PRODSECBUG-2484: Arbitrary file deletion through export data data transfer

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 6.5 • AI score 7.2 • EPSS 0.00791
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 18 views

PRODSECBUG-2465: Bypass of user confirmation mechanism

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.5 • AI score 7.2 • EPSS 0.0056
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2456: Broken authentication and session management

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.5 • AI score 7.2 • EPSS 0.01949
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 29 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00591
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 15 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.3 • AI score 7.2 • EPSS 0.00811
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 37 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 • AI score 7.2 • EPSS 0.01852
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 16 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.3 • AI score 7.2 • EPSS 0.00811
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 24 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 5.4 • AI score 7.2 • EPSS 0.00591
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/09/24 5:1 p.m. • 15 views

CVE-2019-12617: Access escalation for CMS users with limited access through permission cache pollution

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12617/...

CVSS 4 • AI score 7.2 • EPSS 0.00855
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/09/24 5:1 p.m. • 18 views

CVE-2019-14273: Broken Access control on files

More info at https://www.silverstripe.org/download/security-releases/cve-2019-14273/...

CVSS 5.3 • AI score 7.2 • EPSS 0.01106
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/09/24 5:1 p.m. • 18 views

CVE-2019-14272: XSS in file titles managed through the CMS

More info at https://www.silverstripe.org/download/security-releases/cve-2019-14272/...

CVSS 5.4 • AI score 7.2 • EPSS 0.00725
Exploits 0 • Affected Software 1

Total number of security vulnerabilities: 1697