The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-5125: index.php in formget-contact-form/trunk – WordPress Plugin Repository

SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-43470: GitHub - ae6e361b/Online-Voting-System

SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.

Submitted by janobe on Wednesday, October 14, 2020 - 18:47.

**Online Job Portal in PHP with Free Source Code (2020)**

This **Online Job Portal** is made up of PHP, Javascript and MYSQL for the database. The main purpose of this **Online Job Portal in PHP** is to provide convenience for Job Seekers in searching for various jobs depending on his qualifications and apply for the job. The features of this **Online Job Portal in PHP** are user-friendly that users can easily work on it and contains User Types such as Admin, Employer and Job Seeker.

**About the Online Job Portal in PHP with Free Source Code**

**Online Job Portals in PHP** are in demand nowadays, most especially that many people want to work at home due to the pandemic. Many job seekers want a more convenient way of working without going outside their place. That is why job portals can be a great help for them to seek for a job to apply. At the same time, it’s beneficial for employers to recruit employees in their company. In this **Online Job Portal in PHP**, the admin is the one who manage the users, manage job seeker, manage employer and so on. The employer can register himself first. If he already has an account, he can now log in into the web portal and view the Homepage. In the Homepage, the employer can now view the About Us, Employer, Job Seeker, Latest News and Contact Us. The employer can also upload information of various job vacancies in their company. And also has the ability to view number of applications and send an email to the job seekers. Same as the employer, Job seekers must register first to see if there are job vacancies which they can apply for.

**These are the following features of the Online Job Portal in PHP with Full Source Code.**

**Admin**

*   Home
*   Manage Users
*   Manage Job Seeker
*   Manage Employer
*   Posting News
*   View Feed Back
*   Login and Logout

**Employer**

*   Home Control
*   Panel Manage
*   Profile Posting
*   Job Walk-in Job
*   Manage Application
*   Login and Logout

**Job Seeker**

*   Home Page
*   About Us
*   Employer
*   Job Seeker
*   View Latest News
*   Contact Us

**How to setup the Online Job Portal in PHP with Full Source Code.**

1.  Download the zip file.
3.  Download and install XAMPP
4.  Run the XAMPP control panel and start MySQL and Apache
5.  Go to C:\\xampp\\htdocs and extract the downloaded zip file (**jobportal**) inside the folder
6.  Open the browser and go to http://localhost/phpmyadmin/ to create the database
7.  Click the new to create a database.
8.  Name the database **sourcecodester\_jobportaldb**.
9.  Click import to import the sql file.
10.  Click choose file and select the file that can be found inside the **jobportal** folder
11.  Click go.

**How to run the Online Job Portal in PHP with Full Source Code.**

Open the browser and go to http://localhost/jobportal/  
Accessing admin accounts

Username: admin  
Password: admin

Accessing Employer Accounts:

Username: janobe  
Password: janobe  
Or Register

Accessing Job Seekers Accounts:  
Please Register

This **Online Job Portal in PHP with Full Source Cod**e is for educational purposes only. You can download it as a reference and expand your knowledge in making a system. You can freely modify it, according to your desire.

*   9520 views

CVE-2023-43469: Online Job Portal in PHP with Full Source Code (2020)

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.

**Function Pointer Hijack mjs/mjs.c in mjs\_execute****Affected Projects**

mjs 2.20.0 (https://github.com/cesanta/mjs)

**Problem Type**

CWE-822 (Untrusted Pointer Dereference)

**Description**

I discovered a vulnerability that could potentially lead to function pointer hijacking. I believe this is a logical vulnerability since it does not trigger any out-of-bounds (OOB) or use-after-free (UAF) assertions when compiled with AddressSanitizer. An attacker can exploit this vulnerability by providing a specially crafted input to the affected program, leading to the execution of arbitrary code.

The function hijack happend in mjs.c:8824

call\_stack\_push\_frame(mjs, bp.start\_idx + i, retval\_stack\_idx);

/\* Perform the cfunction call \*/
((void (\*) (struct mjs \*)) mjs\_get\_ptr(mjs, \*func))(mjs);

call\_stack\_restore\_frame(mjs);

**PoC:****Log:**

    $ clang -g -O2 -o mjs mjs.c -DMJS_MAIN
    $ ./mjs poc.js 
    Illegal instruction

CVE-2023-43338: Function Pointer Hijack mjs/mjs.c in mjs_execute · Issue #250 · cesanta/mjs

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-43129: dlink/DIR-806/2/readme.md at main · mmmmmx1/dlink

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.

CVE-2023-43130: dlink/DIR-806/3 at main · mmmmmx1/dlink

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

CVE-2023-40989: CVE-2023-40989/CVE-2023-40989 at main · Zone1-Z/CVE-2023-40989

dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.

CVE-2023-43270: someCVE/dst-admin-RCE at main · Libestor/someCVE

TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.


**Summary**

A SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table).

**Impact**

This issue may lead to Information Disclosure.

CVE-2023-43640: SQL injection vulnerability in TaxonWorks

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

*   September 18, 2023
*   Advisories

**EIP-9f56ea7e**

A command injection exists in Juplink RX4-1500, a WiFi router. An authenticated attacker can exploit this vulnerability to achieve code execution as root.

Vulnerability Identifiers

*   Exodus Intelligence: EIP-9f56ea7e
*   MITRE: CVE-2023-41029

**Vulnerability Metrics**

*   CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
*   CVSSv2 Score: 7.7

**Vendor References**

*   The affected product is end-of-life and no patches are available.

**Discovery Credit**

*   Exodus Intelligence

**Disclosure Timeline**

*   Vendor response to disclosure: July 30, 2020
*   Disclosed to public: September 18, 2023

**Further Information**

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.