You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since I cannot find a vulnerability disclosure program for MageSolutions, and this github repository is linked on their official page, I would like to warn everyone that this module is vulnerable on multiple accounts:
Bad Access Control (BAC)
XSS (Stored & Reflected)
Remote Code Execution (RCE)
CMS Page Injection
I would strongly suggest thinking twice before using this module. I have PoCs for all of the previously mentioned vulnerabilities for magento 2.3.x and 2.4.x, but I am going to refrain from posting them publicly here.
Whoever from MageSolution is responsible for maintaining this module, please contact me if you would like to view the PoCs.
The text was updated successfully, but these errors were encountered:
Since I cannot find a vulnerability disclosure program for MageSolutions, and this github repository is linked on their official page, I would like to warn everyone that this module is vulnerable on multiple accounts:
I would strongly suggest thinking twice before using this module. I have PoCs for all of the previously mentioned vulnerabilities for magento 2.3.x and 2.4.x, but I am going to refrain from posting them publicly here.
Whoever from MageSolution is responsible for maintaining this module, please contact me if you would like to view the PoCs.
The text was updated successfully, but these errors were encountered: