There are no known exploits.

The OroCommerce package management system 5.0 and later is vulnerable to a Denial of Service attack. The attacker needs permission to create or edit a package. This issue has been patched in version 5.0.6. There are no known workarounds. There are no known exploits.

OroCommerce is prone to a cross-site scripting vulnerability in the “UPS Surcharge” field of the shipping rule edit page. This issue has been patched in version 5.0.6. There are no known workarounds. There are no known exploits.

OroCommerce is vulnerable to a remote Code Injection attack. This issue has been patched in version 5.0.6. There are no known workarounds. There are no known exploits.

Summary

OroCommerce is affected by multiple security flaws and needs to be patched immediately.

Timeline

Published on: 10/18/2022 10:15:00 UTC
Last modified on: 10/20/2022 15:28:00 UTC

References