Tag
#php
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to get a shell by providing a crafted URL to download a malicious PHP file.
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability.
PHPJabbers Appointment Scheduler version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
PHPJabbers Appointment Scheduler version 3.0 suffers from multiple persistent cross-site scripting vulnerabilities.
PHPJabbers Appointment Scheduler version 3.0 suffers from multiple HTML injection vulnerabilities.
October CMS version 3.4.0 suffers from a persistent cross-site scripting vulnerability when a user has article posting capabilities.
October CMS version 3.4.0 suffers from a persistent cross-site scripting vulnerability when a user has category-creating capabilities.
October CMS version 3.4.0 suffers from a persistent cross-site scripting vulnerability when a user has blog-creating capabilities.
October CMS version 3.4.0 suffers from a persistent cross-site scripting vulnerability when a user has author posting capabilities.