bug-bounty448
google354
xss341
microsoft283
facebook246
apple171
exploit163
rce160
malware102
account-takeover95
cve91
bragging-post84
csrf83
browser77
writeup76
privilege-escalation68
react60
authentication-bypass57
cloudflare54
dos53
node52
ssrf51
docker51
phishing50
aws48
access-control47
oauth45
smart-contract45
supply-chain44
ethereum43
defi42
web342
sql-injection41
lfi37
idor35
smart-contract-vulnerability32
vulnerability-disclosure32
web-application31
burp-suite31
reverse-engineering31
clickjacking31
race-condition31
info-disclosure31
wordpress30
cloud29
input-validation29
information-disclosure29
web-security27
solidity27
cors26
0
8/10
Two vulnerabilities in Magento e-commerce CMS exploitable by low-privilege admin accounts: (1) Remote Code Execution via path traversal in product design layout XML combined with phtml file upload through custom options, and (2) Local File Read through path traversal in email template CSS directive processing.
rce
local-file-read
path-traversal
magento
template-injection
privilege-escalation
cve-2018-9995
cve-2018-9996
xml-injection
admin-vulnerability
Magento
Adobe Experience Cloud
SCRT Team
Magento 2.3.0
Magento 2.2.7
Magento 2.1.16