Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-48813: CVE-ID-not-yet/slims/slims9_bulian-9.6.1-SQLI-fines_report.md at main · komangsughosa/CVE-ID-not-yet

Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.

CVE
Open in Source
#sql#vulnerability#git#php
Kopage Website Builder 4.4.15 Cross Site Scripting

Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.

WBCE CMS 1.6.1 Shell Upload

WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.

CVE-2023-48016: cves/CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md at main · Serhatcck/cves

Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter.

CVE-2023-6442

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability.

CVE-2023-6440

A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246443.

Associated Press, ESPN, CBS among top sites serving fake virus alerts

A fake antivirus alert may suddenly hijack your screen while browsing. This latest malvertising campaign hit top publishers.

GHSA-pr4w-m4rp-gp87: PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter.

GHSA-8qfm-h8rh-h3r7: PHPMemcachedAdmin Path Traversal vulnerability

A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.

CVE-2023-6402

A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423.