Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Lot Reservation Management System 1.0 File Disclosure

Lot Reservation Management System version 1.0 suffers from a file disclosure vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#web#windows#google#microsoft#linux#php#auth#firefox
Craft CMS 4.4.14 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14.

Hospital Management System 4.0 XSS / Shell Upload / SQL Injection

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

GHSA-557v-xcg6-rm5m: Potential URI resolution path traversal in the AWS SDK for PHP

### Impact Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the`buildEndpoint` method in the `RestSerializer` component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 `UriResolver` utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. Versions of the AWS SDK for PHP v3 before 3.288.1 are affected by this issue. ### Patches Upgrade to the AWS SDK for PHP >= 3.288.1, if you are on version < 3.288.1. ### References RFC 3986 - [https://datatracker.ietf.org/doc/html/rfc3986](https://datatracker.ietf.org/doc/html/rfc3986#section-5.2.4) ### For more information If you have any questions or comments about this advisory, please contact [AWS's Security team](mailto:[email protected]).

GHSA-q5q3-qm26-9jwm: Authenticated Blind SSRF in automad/automad

automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in `importUrl` as the `import` function on the `FileController.php` file was not properly validating the value of the `importUrl` argument. This issue may allow attackers to perform a port scan against the local environment or abuse some service.

GHSA-fpph-mqc8-h6q5: Unrestricted File Upload affecting automad

A vulnerability was found in automad up to 1.10.9. This affects the function upload of the file `FileCollectionController.php` of the component `Content Type Handler`. The manipulation leads to unrestricted upload. The attack may be launched remotely and an exploit has been disclosed publicly.

Vinchin Backup And Recovery Command Injection

This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.*. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user.

MOKOSmart MKGW1 Gateway Improper Session Management

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide an adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device.

MajorDoMo Remote Code Execution

MajorDoMo versions prior to 0662e5e suffer from an unauthenticated remote code execution vulnerability.

GHSA-67gv-xrw7-p72w: Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality.