Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bagisto vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-36236
Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an malicious user to execute arbitrary code via a crafted SVG file uplad.
Webkul Bagisto
8.8
CVSSv3
CVE-2019-16403
In Webkul Bagisto prior to 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
Webkul Bagisto
8.8
CVSSv3
CVE-2019-14933
Bagisto 0.1.5 allows CSRF under /admin URIs.
Webkul Bagisto 0.1.5
8.8
CVSSv3
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
Webkul Bagisto 1.5.1
NA
CVE-2024-27499
Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.
NA
CVE-2023-36238
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an malicious user to obtain sensitive information via the invoice ID parameter.
NA
CVE-2023-36237
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an malicious user to execute arbitrary code via a crafted HTML script.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started