Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the `add address` step they can inject a value to run in admin view. The issue can lead to remote code execution. Version 2.3.10 contains a patch.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XWebkul Bagisto
APPWebkul< 2.3.10
Powiązane podatności
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side t...
Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API route...
Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Refer...
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side t...
Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula...