✅ Check your version
All known vulnerabilities
CRITICAL 9.8 | CVE-2026-21448 | Bagisto has Normal & Blind SSTI from low-privilege user when ordering product | from 0, < 2.3.10
CRITICAL 9.8 | CVE-2026-21446 | Bagisto Missing Authentication on Installer API Endpoints | >= 2.3.0, < 2.3.10
CRITICAL 9.0 | CVE-2025-62417 | bagisto has CSV Formula Injection in Create New Product | from 0, < 2.3.8
HIGH 8.8 | CVE-2026-21449 | Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users | from 0, < 2.3.10
from 0, < 1.3.2
from 0, < 0.1.5
HIGH 8.8 | CVE-2019-16403 | Authorization Bypass Through User-Controlled Key in Bagisto | from 0, < 0.1.5
HIGH 8.3 | CVE-2025-60880 | Bagisto is vulnerable to XSS through Admin Panel's product creation path | >= 2.3.6, < 2.3.7
HIGH 7.1 | CVE-2026-21447 | Bagisto has IDOR in Customer Order Reorder Functionality | from 0, < 2.3.10
MEDIUM 6.9 | CVE-2025-62414 | bagisto has Cross Site Scripting (XSS) in Create New Customer | from 0, < 2.3.8
MEDIUM 6.9 | CVE-2025-62418 | bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG) | from 0, < 2.3.8
MEDIUM 6.9 | CVE-2025-62415 | bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML) | from 0, < 2.3.8
MEDIUM 6.5 | CVE-2023-36238 | Bagisto vulnerable to Insecure Direct Object Reference (IDOR) | from 0, < 1.3.2
from 0, < 2.1.0
MEDIUM 6.3 | CVE-2026-6744 | Bagisto affected by Server-Side Request Forgery | from 0, <= 2.3.15
MEDIUM 5.1 | CVE-2025-62416 | bagisto has Server Side Template Injection (SSTI) in Product Description | from 0, < 2.3.8
from 0, < 1.3.2
from 0, <= 2.3.15
— | CVE-2026-21450 | Bagisto SSTI vulnerability in type parameter can lead to RCE | from 0, < 2.3.10
from 0, < 2.3.10