Magento 1: BL/CustomGrid Security Flaw

July 24, 2019July 31, 20192 years ago Niko 1990 Views 2 Comments magento1, object-injection, security, xss-injection min read

As most of people can notice, I have been going trough Magento modules lately hunting for possible security flaws. This time I decided to review BL/CustomGrid, why? This module is not maintained for long time

Magento 1 PHP Programming

Magento 1: Netreviews/Avisverifies Security Flaw

July 21, 2019July 24, 20192 years ago Niko 1600 Views 0 Comments CWE-79, CWE-915, magento1, object-injection, security min read

After browsing again Magevulndb repository I encountered issue and PR open due original reporter have went 404. So I decided to give some help for these guys! Anyways, everybody wins when issues are reported. Discovering