Search Results | AttackerKB

Show filters

Topics 4 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

4 Total Results

Displaying 1-4 of 4

Attacker Value

Unknown

CVE-2023-36236

Disclosure Date: January 16, 2024 (last updated January 21, 2024)

Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.

Attack Vector: Network Privileges: High User Interaction: Required

0

Attacker Value

Unknown

CVE-2023-33570

Disclosure Date: June 28, 2023 (last updated October 08, 2023)

Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2019-16403

Disclosure Date: September 18, 2019 (last updated November 27, 2024)

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2019-14933

Disclosure Date: August 11, 2019 (last updated November 27, 2024)

Bagisto 0.1.5 allows CSRF under /admin URIs.

0