[PRODSECBUG-2405] Injection vulnerability through email templates - CVE-2019-8143

News category: Vulnerabilities
Source: portal.patchman.co

An authenticated user with access to email templates could send malicious SQL queries and obtain access to sensitive information stored in the database.

Part of the Magento 2.3.3 and 2.2.10 Security Update.

This vulnerability affects the following application versions:

  • Magento 2.0.0
  • Magento 2.0.1
  • Magento 2.0.2
  • Magento 2.0.3
  • Magento 2.0.4
  • Magento 2.0.5
  • Magento 2.0.6
  • Magento 2.0.7
  • Magento 2.0.8
  • Magento 2.0.9
  • Magento 2.0.10
  • Magento 2.0.11
  • Magento 2.0.12
  • Magento 2.0.13
  • Magento 2.0.14
  • Magento 2.0.15
  • Magento 2.0.16
  • Magento 2.0.17
  • Magento 2.0.18
  • Magento 2.1.0
  • Magento 2.1.1
  • Magento 2.1.2
  • Magento 2.1.3
  • Magento 2.1.4
  • Magento 2.1.5
  • Magento 2.1.6
  • Magento 2.1.7
  • Magento 2.1.8
  • Magento 2.1.9
  • Magento 2.1.10
  • Magento 2.1.11
  • Magento 2.1.12
  • Magento 2.1.13
  • Magento 2.1.14
  • Magento 2.1.15
  • Magento 2.1.16
  • Magento 2.1.17
  • Magento 2.1.18
  • Magento 2.2.0
  • Magento 2.2.1
  • Magento 2.2.2
  • Magento 2.2.3
  • Magento 2.2.4
  • Magento 2.2.5
  • Magento 2.2.6
  • Magento 2.2.7
  • Magento 2.2.8
  • Magento 2.2.9
  • Magento 2.3.0
  • Magento 2.3.1
  • Magento 2.3.2
  • Magento 2.3.2-p1
  • Magento 2.3.2-p2
...