Tag

#git

CVE-2023-4447: SQL injection vulnerability exists in RapidCMS Dev.1.3.1 · Issue #4 · OpenRapid/rapidcms

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568.

CVE-2023-4446: SQL injection vulnerability exists in RapidCMS Dev.1.3.1 · Issue #3 · OpenRapid/rapidcms

A vulnerability, which was classified as critical, was found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file template/default/category.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237567.

CVE-2023-4437: cve_hub/PUBLIC CVE HUB/Free and Open Source inventory management system - vuln 2.pdf at main · E1CHO/cve_hub

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability.

CVE-2023-4436: cve_hub/PUBLIC CVE HUB/Free and Open Source inventory management system - vuln 1.pdf at main · E1CHO/cve_hub

A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability.

CVE-2022-24989: CVE-2022-24990 | AttackerKB

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.

GHSA-g3mv-64h3-h482: Cockpit Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit version 2.6.3 and prior. A patch is available at commit 30609466c817e39f9de1871559603e93cd4d0d0c and anticipated to be part of version 2.6.4.

CVE-2023-4451

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

CVE-2023-4435: huntr – Security Bounties for any GitHub repository

Improper Input Validation in GitHub repository hamza417/inure prior to build88.

CVE-2023-4434: huntr – Security Bounties for any GitHub repository

Missing Authorization in GitHub repository hamza417/inure prior to build88.