Tag
#rce
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.
### Impact An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile.
### Impact A layout block was able to bypass the block blacklist to execute remote code.
### Impact Magento admin users with access to the customer media could execute code on the server.