E-Commerce

bagisto/bagisto

Free and open source laravel eCommerce platform

#ecommerce-framework#laravel#php#ecommerce#ecommerce-platform#laravel-application#laravel-package#multi-tenant#multi-tenancy-plugin#hacktoberfest#headless-commerce#nft-marketplace#open-source#blockchain-ecommerce#opensource-ecommerce#php-ecommerce#multi-vendor-ecommerce#laravel-ecommerce#multivendor-ecommerce#b2b-ecommerce

スコア

/ 100

Star

26,838

Fork

3,114

Open Issue

サイズ

378MB

言語

PHP ★

最終push

1 日前

Docker

🐳 compose ★

採点内訳

過去CVE 11件 (やや多い)

✓

直近 push: 1 日前

✓

得意言語 (PHP)

✓

オープンissue 26件

—

大規模 (378MB)

—

Docker 対応 (compose)

✓

10k–50k: 中級 (★26,838)

—

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (11 件)

MEDIUMGHSA-mqhg-v22x-pqj8 CVE-2026-214492026/1/2
SSTI in first and last name from low privileged user (not admin)
HIGHGHSA-5j4h-4f72-qpm6 CVE-2026-214482026/1/2
Normal & Blind SSTI from low privilege user when order product
MEDIUMGHSA-2mwc-h2mg-v6p8 CVE-2026-214512026/1/2
Bagisto 2.3.8 HTML Filter Bypass Enables Stored XSS
HIGHGHSA-x5rw-qvvp-5cgm CVE-2026-214472026/1/2
IDOR in Customer Order Reorder Functionality
HIGHGHSA-9hvg-qw5q-wqwp CVE-2026-214502026/1/2
SSTI in parameter can lead to RCE
CRITICALGHSA-6h7w-v2xr-mqvw CVE-2026-214462026/1/2
Missing Authentication on Installer API Endpoints
MEDIUMGHSA-r9xj-mvqf-jm7w CVE-2025-624142025/10/16
bagisto v2.3.7 - Cross Site Scripting (XSS) in Create New Customer
MEDIUMGHSA-fg89-g389-p346 CVE-2025-624182025/10/16
bagisto v2.3.7 - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)
MEDIUMGHSA-jqrp-58fv-w8cq CVE-2025-624172025/10/16
bagisto v2.3.7 - CSV Formula Injection in Create New Product
MEDIUMGHSA-527q-4wqv-g9wj CVE-2025-624162025/10/16
bagisto v2.3.7 - Server Side Template Injection (SSTI) in Product Description
MEDIUMGHSA-67px-r26w-598x CVE-2025-624152025/10/16
bagisto v2.3.7 - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)