Comments (6)
gwillem
commented on May 20, 2024
I wasn't entirely certain that BL_CustomGrid is vulnerable or that attackers were trying to exploit it. Additional info welcome!
from magevulndb.
AlterWeb
commented on May 20, 2024
@gwillem Thank you for your response. If I have some time in the near future I will have a look at it to determine if I can find a way to exploit it. I thought you already did so I disabled this module for some clients but did noticed that it was not being reported while enabled at a new clients Magento store.
from magevulndb.
jissereitsma
commented on May 20, 2024
Does the following link help? https://www.cybersecurity-help.cz/vdb/SB2018102411?affChecked=1
from magevulndb.
NikoGrano
commented on May 20, 2024
I can take this. I'm preparing anyways a PR here about one other vuln. Also I'm currently going trough this BL.
from magevulndb.
NikoGrano
commented on May 20, 2024
Currently working on this, will open PR and publish blog post today.
from magevulndb.
NikoGrano
commented on May 20, 2024
Waiting #48 to pass.
from magevulndb.
Related Issues (20)
- Question: How to verify "Potential vulnerable module" is vulnerable? HOT 4
- What does the "?" at the end of a module name mean? HOT 3
- M2 vulnerabilities list is empty. HOT 14
- How to mark "Potential vulnerable module found" as safe? HOT 4
- Amasty_PAction Maybe CWE-89? HOT 5
- Confirm Amasty M2 module tags HOT 3
- Todo: Cardgate_Payment XSS HOT 1
- Script for Magento 2 without Magerun HOT 1
- Add Stripe module to M1
- Vulnerable module Excellence_Ajax HOT 3
- Pixlogix_Flexibleforms HOT 4
- MW_FreeGift HOT 3
- WF_CustomerBalance admin Javascript could be hijacked
- Aheadworks_Layerednav HOT 1
- Need PoC for Sendinblue Magento1 vulnerability HOT 5
- Multi branch version support
- LS Retail Magento 2 `lsretailomni/lsmag-two` uncontrolled filesystem access
- LS Retail Magento 2 `lsretailomni/lsmag-two` insecure API endpoints HOT 2
- LS Retail Magento 2 `lsretailomni/lsmag-two` - no rate limiting
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from magevulndb.