CVE-2026-21449 – Bagisto has SSTI via first and last name from low-privilege user (not admin)

CVE ID : CVE-2026-21449

Published : Jan. 2, 2026, 9:16 p.m. | 1 hour, 9 minutes ago

Description : Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and last name from a low-privilege user. Version 2.3.10 fixes the issue.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-64123 – Nuvation Energy nCloud Client-to-Client Communication

CVE-2025-64122 – Nuvation Energy Multi-Stack Controller Private Key Stored on Device

CVE-2025-64121 – Nuvation Energy Multi-Stack Controller Authentication Bypass

CVE-2025-64120 – Nuvation Energy Multi-Stack Controller OS Command Injection