New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AW_Blog #3

Closed

1 task

gwillem opened this issue Dec 11, 2018 · 1 comment

Collaborator

gwillem commented Dec 11, 2018 •

edited by rhoerr

@pocallaghan reported POI probes for the aw_blog/block/render URI.

There already is an AW_Blog entry for a SQLi vuln that was discovered some years ago.

Todo:

figure out whether a fixed version exists

The text was updated successfully, but these errors were encountered:

Collaborator

mpchadwick commented Jan 8, 2019

AFAIK this is ONLY in the m2 version. And it was fixed in 2.4.6

Fixed vulnerability which allows a remote code execution via unserialize().

https://ecommerce.aheadworks.com/magento-extension-updates/blog

rhoerr closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment