CNNVD-202601-073 Information

CNNVD ID

CNNVD-202601-073

Related CVE

CVE-2026-21448

• CNNVD Published: 2026-01-02

Description (Chinese)

Webkul Software Bagisto是印度Webkul Software公司的一套开源的电子商务框架。 Webkul Software Bagisto 2.3.10之前版本存在安全漏洞，该漏洞源于服务器端模板注入，可能导致远程代码执行。

Description (English)

Webkul Software Bagisto is an open-source e-commerce framework for Webkul Software in India. There was a security loophole in the pre-Webkul Software Bagisto 2.3.10 that originated from the injection of server-end templates, which could lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Webkul Software

Published

2026-01-02

Last Modified

2026-02-24

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-5j4h-4f72-qpm6 https://access.redhat.com/security/cve/cve-2026-21448

Patch

https://github.com/bagisto/bagisto/releases