Security
Headlines

Tag

#php

GHSA-35jp-8cgg-p4wj: Shopware vulnerable to Server Side Template Injection in Twig using Context functions

### Impact

The `context` variable is injected into almost every Twig template and gives access to the current language and currency information. The context object also offers a helper that temporarily switches the scope of the Context while running a callable. Example call from PHP:

```php
$context->scope(Context::SYSTEM_SCOPE, static function (Context $context) use ($mediaService, $media, &$fileBlob): void {
    $fileBlob = $mediaService->loadFile($media->getId(), $context);
});
```

This method can also be called from Twig, and because its second parameter accepts any callable, a template can pass a string that PHP resolves to any statically callable function or method. A customer cannot supply Twig code; an attacker would need access to the Administration to exploit this through mail templates or App Scripts.

### Patches

Update to Shopware 6.6.5.1 or 6.5.8.13.

### Workarounds

For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a pl...
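The following PHP is an added illustration, not Shopware's code, of the pattern the advisory describes: a method typed `callable` is reachable from a template, the template passes a plain string, and PHP resolves that string to a real static method. The `Context`, `SensitiveHelper` and `simulateTemplateCall` names are stand-ins; `scopeSafe` shows one generic hardening (require a `Closure`, which template code cannot construct) and is not a description of the fix Shopware shipped.

```php
<?php
declare(strict_types=1);

// Added example, not Shopware's code. All class, method and template names are
// stand-ins chosen to demonstrate the advisory's point.

final class Context
{
    public const SYSTEM_SCOPE = 'system';
    public const USER_SCOPE   = 'user';

    public function __construct(private string $scope = self::USER_SCOPE) {}

    public function getScope(): string
    {
        return $this->scope;
    }

    // Vulnerable shape: `callable` accepts Closures, strings and [class, method]
    // arrays alike. A template that can reach context.scope(...) picks the callee.
    public function scope(string $scope, callable $callback): mixed
    {
        $previous = $this->scope;
        $this->scope = $scope;
        try {
            return $callback($this);
        } finally {
            $this->scope = $previous;
        }
    }

    // Hardened shape (hypothetical): require a Closure. Twig can only produce
    // strings, numbers, arrays and objects, so a template-supplied callee now
    // fails with a TypeError instead of being executed.
    public function scopeSafe(string $scope, \Closure $callback): mixed
    {
        return $this->scope($scope, $callback);
    }
}

// Stand-in for any statically callable method an attacker can name by string.
final class SensitiveHelper
{
    public static function dump(Context $ctx): string
    {
        return 'executed ' . __METHOD__ . ' in scope ' . $ctx->getScope();
    }
}

// Models what the template engine effectively does for
//   {{ context.scope('system', 'SensitiveHelper::dump') }}
// The string argument is forwarded untouched; PHP then treats it as a callable.
function simulateTemplateCall(Context $ctx, string $method, string $callee): string
{
    try {
        return (string) $ctx->{$method}(Context::SYSTEM_SCOPE, $callee);
    } catch (\TypeError $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

$ctx = new Context();

// Vulnerable method: the string names a static method, and it runs in SYSTEM_SCOPE.
echo simulateTemplateCall($ctx, 'scope', 'SensitiveHelper::dump'), PHP_EOL;

// Hardened method: the same string is refused before anything is invoked.
echo simulateTemplateCall($ctx, 'scopeSafe', 'SensitiveHelper::dump'), PHP_EOL;

// Legitimate PHP-side callers are unaffected because they pass a real Closure.
echo $ctx->scopeSafe(
    Context::SYSTEM_SCOPE,
    static fn (Context $c): string => 'closure ran in scope ' . $c->getScope()
), PHP_EOL;
```

The first call succeeds because `is_callable('SensitiveHelper::dump')` is true and the `callable` type hint does not distinguish a string from a Closure; any public static method, or any global function that accepts one argument, is reachable the same way. Twig's sandbox does not help here, since the dangerous operation is an ordinary method call on an object the template is deliberately given. Narrowing the parameter type to `\Closure` (or keeping the scope-switching helper off the object exposed to templates) removes the template's ability to choose the callee.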

E-Commerce Site Using PHP PDO 1.0 Directory Traversal

E-Commerce Site using PHP PDO version 1.0 suffers from a directory traversal vulnerability.

eduAuthorities 1.0 SQL Injection

eduAuthorities version 1.0 suffers from a remote SQL injection vulnerability.

Concert Ticket Reservation System 1.0 SQL Injection

Concert Ticket Reservation System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Codeprojects E-Commerce 1.0 Cross Site Scripting

Codeprojects E-Commerce version 1.0 suffers from a cross site scripting vulnerability.

Blog Site 1.0 Cross Site Scripting

Blog Site version 1.0 suffers from a cross site scripting vulnerability.

GHSA-hf66-xfgj-42g8: Microweber Cross Site Scripting (XSS) vulnerability

Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.

Online Shopping Portal Project 2.0 SQL Injection

Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability.