Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commerce server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-37295
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web ser...
NA
CVE-2023-6120
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
Collne Welcart E-commerce
NA
CVE-2023-5953
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PH...
Collne Welcart E-commerce
NA
CVE-2023-37532
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.
Hcltech Commerce
NA
CVE-2023-26366
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
NA
CVE-2023-40532
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
Collne Welcart
NA
CVE-2023-39528
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for thi...
Prestashop Prestashop
NA
CVE-2023-39530
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Prestashop Prestashop
NA
CVE-2023-39529
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Prestashop Prestashop
NA
CVE-2023-29291
Adobe Commerce versions 2.4.6 (and previous versions), 2.4.5-p2 (and previous versions) and 2.4.4-p3 (and previous versions) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »