Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-39651
*   **Published at**: 2023-09-26
*   **Platform**: PrestaShop
*   **Product**: tvcmsbrandlist
*   **Impacted release**: <= 4.0.1 (4.0.2 fixed the vulnerability)
*   **Product author**: Theme Volty
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The script ajax.php has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 4.0.1**

    --- 4.0.1/tvcmsbrandlist/ajax.php
    +++ 4.0.2/tvcmsbrandlist/ajax.php
            $update_position[] = 'UPDATE 
                                            `' . _DB_PREFIX_ . 'tvcmsbrandlist` 
                                        SET
    -                                        `position` = ' . $pos . '
    +                                        `position` = ' . (int) $pos . '
                                        WHERE
    -                                        `id_tvcmsbrandlist` = ' . $value . ';';
    +                                        `id_tvcmsbrandlist` = ' . (int) $value . ';';
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **tvcmsbrandlist**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-02-10

Issue discovered during a code review by TouchWeb.fr

2023-02-10

Contact PrestaShop Addons security Team to confirm versions scope by author

2023-02-15

Author provide a patch which still own all criticals vulnerabilities

2023-04-13

Recontact PrestaShop Addons security Team to confirm versions scope by author

2023-04-13

Request a CVE ID

2023-05-19

Author provide patch

2023-08-15

Received CVE ID

2023-09-26

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-39651: [CVE-2023-39651] Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop

Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-39649
*   **Published at**: 2023-09-26
*   **Platform**: PrestaShop
*   **Product**: tvcmscategoryslider
*   **Impacted release**: <= 4.0.1 (4.0.2 fixed the vulnerability)
*   **Product author**: Theme Volty
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The script ajax.php has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 4.0.1**

    --- 4.0.1/tvcmscategoryslider/ajax.php
    +++ 4.0.2/tvcmscategoryslider/ajax.php
            $update_position[] = 'UPDATE 
                                            `' . _DB_PREFIX_ . 'tvcmscategoryslider` 
                                        SET
    -                                        `position` = ' . $pos . '
    +                                        `position` = ' . (int) $pos . '
                                        WHERE
    -                                        `id_tvcmscategoryslider` = ' . $value . ';';
    +                                        `id_tvcmscategoryslider` = ' . (int) $value . ';';
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **tvcmscategoryslider**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-02-10

Issue discovered during a code review by TouchWeb.fr

2023-02-10

Contact PrestaShop Addons security Team to confirm versions scope by author

2023-02-15

Author provide a patch which still own all criticals vulnerabilities

2023-04-13

Recontact PrestaShop Addons security Team to confirm versions scope by author

2023-04-13

Request a CVE ID

2023-05-19

Author provide patch

2023-08-15

Received CVE ID

2023-09-26

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-39649: [CVE-2023-39649] Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop

Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-39648
*   **Published at**: 2023-09-26
*   **Platform**: PrestaShop
*   **Product**: tvcmstestimonial
*   **Impacted release**: <= 4.0.1 (4.0.2 fixed the vulnerability)
*   **Product author**: Theme Volty
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The script ajax.php has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 4.0.1**

    --- 4.0.1/tvcmstestimonial/ajax.php
    +++ 4.0.2/tvcmstestimonial/ajax.php
            $update_position[] = 'UPDATE 
                                            `' . _DB_PREFIX_ . 'tvcmstestimonial` 
                                        SET
    -                                        `position` = ' . $pos . '
    +                                        `position` = ' . (int) $pos . '
                                        WHERE
    -                                        `id_tvcmstestimonial` = ' . $value . ';';
    +                                        `id_tvcmstestimonial` = ' . (int) $value . ';';
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **tvcmstestimonial**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-02-10

Issue discovered during a code review by TouchWeb.fr

2023-02-10

Contact PrestaShop Addons security Team to confirm versions scope by author

2023-02-15

Author provide a patch which still own all criticals vulnerabilities

2023-04-13

Recontact PrestaShop Addons security Team to confirm versions scope by author

2023-04-13

Request a CVE ID

2023-05-19

Author provide patch

2023-08-15

Received CVE ID

2023-09-26

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-39648: [CVE-2023-39648] Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Theme Volty CMS Category Chain Slider” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-39646
*   **Published at**: 2023-09-26
*   **Platform**: PrestaShop
*   **Product**: tvcmscategorychainslider
*   **Impacted release**: <= 4.0.1 (4.0.2 fixed the vulnerability)
*   **Product author**: Theme Volty
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The script ajax.php has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 4.0.1**

    --- 4.0.1/tvcmscategorychainslider/ajax.php
    +++ 4.0.2/tvcmscategorychainslider/ajax.php
            $update_position[] = 'UPDATE 
                                            `' . _DB_PREFIX_ . 'tvcmscategorychainslider` 
                                        SET
    -                                        `position` = ' . $pos . '
    +                                        `position` = ' . (int) $pos . '
                                        WHERE
    -                                        `id_tvcmscategorychainslider` = ' . $value . ';';
    +                                        `id_tvcmscategorychainslider` = ' . (int) $value . ';';
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **tvcmscategorychainslider**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-02-10

Issue discovered during a code review by TouchWeb.fr

2023-02-10

Contact PrestaShop Addons security Team to confirm versions scope by author

2023-02-15

Author provide a patch which still own all criticals vulnerabilities

2023-04-13

Recontact PrestaShop Addons security Team to confirm versions scope by author

2023-04-13

Request a CVE ID

2023-05-19

Author provide patch

2023-08-15

Received CVE ID

2023-09-26

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-39646: [CVE-2023-39646] Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-44974: emlog/Plugin-getshell.md at main · yangliukk/emlog

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2023-44973: emlog/Template-getshell.md at main · yangliukk/emlog

Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability via the component /tvcmspaymenticon/ajax.php?action=update_position&recordsArray.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-39645
*   **Published at**: 2023-09-26
*   **Platform**: PrestaShop
*   **Product**: tvcmspaymenticon
*   **Impacted release**: <= 4.0.1 (4.0.2 fixed the vulnerability)
*   **Product author**: Theme Volty
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The script ajax.php has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 4.0.1**

    --- 4.0.1/tvcmspaymenticon/ajax.php
    +++ 4.0.2/tvcmspaymenticon/ajax.php
            $update_position[] = 'UPDATE 
                                            `' . _DB_PREFIX_ . 'tvcmspaymenticon` 
                                        SET
    -                                        `position` = ' . $pos . '
    +                                        `position` = ' . (int) $pos . '
                                        WHERE
    -                                        `id_tvcmspaymenticon` = ' . $value . ';';
    +                                        `id_tvcmspaymenticon` = ' . (int) $value . ';';
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **tvcmspaymenticon**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-02-10

Issue discovered during a code review by TouchWeb.fr

2023-02-10

Contact PrestaShop Addons security Team to confirm versions scope by author

2023-02-15

Author provide a patch which still own all criticals vulnerabilities

2023-04-13

Recontact PrestaShop Addons security Team to confirm versions scope by author

2023-04-13

Request a CVE ID

2023-05-19

Author provide patch

2023-08-15

Received CVE ID

2023-09-26

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-39645: [CVE-2023-39645] Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop

WordPress Contact Form Generator plugin version 2.5.5 suffers from a cross site scripting vulnerability.

    # Exploit Title: WP Plugins Contact Form Generator 2.5.5 - Reflected Cross-Site Scripting# Date: 03-10-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/contact-form-generator/# Vendor Homepage: https://www.creative-solutions.net/# Version: 2.5.5 # Tested on: Windows, Linux# CVE: CVE-2023-37988# Product DescriptionContact Form Generator is a powerful contact form builder for WordPress! It is structured for creating Contact Forms, Application Forms, Reservation Forms, Survey Forms, Contact Data Pages and much more. You will get ready-to-use forms just after installation. Ref: https://wordpress.org/plugins/contact-form-generator/# Vulnerability overview:The Wordpress plugins Contact Form Generator (CFG) <= 2.5.5 is vulnerable to reflected cross-site scripting via the id parameter in the Edit Fields form. This vulnerability could allow an unauthenticated malicious actor to inject malicious scripts against high privilege users.# Proof of Concept:Affected Endpoint: /wp-admin/admin.php?page=cfg_fields&act=edit&id=Affected Parameters: idXSS Payload: "><script>alert(document.cookie)</script>xhttp://example.com/wp-admin/admin.php?page=cfg_fields&act=edit&id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ex# RecommendationUpgrade to version 2.6.0

WordPress Contact Form Generator 2.5.5 Cross Site Scripting

WordPress KiviCard plugin version 3.2.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting# Date: 03-10-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/# Vendor Homepage: https://kivicare.io/# Version: 3.2.0# Tested on: Windows, Linux# CVE: CVE-2023-2624# Product DescriptionKiviCare is the most affordable self-hosted clinic and patient management system based on the WordPress platform. Set up your online clinic in no time. Ref: https://kivicare.io/# Vulnerability overview:The Wordpress plugins KiviCare - Clinic & Patient Management System (EHR) <= 3.2.0 is vulnerable to reflected cross-site scripting via the filterType parameter in the get weekly appointment function. This vulnerability could allow a malicious actor to inject malicious scripts.# Proof of Concept:Affected Endpoint: /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=Affected Parameters: filterTypeXSS Payload: <img src=x onerror=alert(document.cookie)>http://192.168.56.115/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=%3Cimg%20src=x%20onerror=alert(document.cookie)%3E# RecommendationUpgrade to version 3.2.1

WordPress KiviCare 3.2.0 Cross Site Scripting

Apple Security Advisory 09-26-2023-6 - Xcode 15 addresses memory disclosure, privilege escalation, and credential access vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-26-2023-6 Xcode 15

Xcode 15 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213939.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Dev Tools  
Available for: macOS Ventura 13.5 and later  
Impact: An app may be able to gain elevated privileges  
Description: This issue was addressed with improved checks.  
CVE-2023-32396: Mickey Jin (@patch1t)

GPU Drivers  
Available for: macOS Ventura 13.5 and later  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security

iTMSTransporter  
Available for: macOS Ventura 13.5 and later  
Impact: An app may be able to access App Store credentials  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-40435: James Duffy (mangoSecure)

Xcode 15 may be obtained from:  
https://developer.apple.com/xcode/downloads/  To check that the Xcode  
has been updated:  * Select Xcode in the menu bar * Select About  
Xcode * The version after applying this update will be "Xcode 15".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUTSJgACgkQX+5d1TXa  
IvrnUhAAnpI05QaADKuxrzNT8qK0AnI99sCvI1G+nRpN7FhvwAnBmMSiKPBNmpLb  
o79j75mhDYSJiojeiBR+YJBFWZUoeKWcaa4TnXWfM8CndzqAnzf7wdAoXjOsv7Li  
+e701hE3f2tsMIMhcHszvC//gVzCZotrLKCGn4bxGP4E7x4lkjj5IB9a4XxAVsgr  
OoDignacVkUmrys1nuqyWIsLDk1rAYvikqA03SmG2mRhTp86O6BhyJNHRfftEfmH  
ppD3kFlihLPUGwvqOULoNnxCkL1vlk9qt0VPQxDHZsEq6hW4/RqrHGBErDeAImhI  
0m8jOQ9raP8vAxT8tp4r86HQZBs6RDBsX8J8EwerUfW6eCoO0QRsWt9/JTbPHpxW  
MPIndWwwucJ/bC4nchOUKs3LzkRXZrmtuevvt4Z4A1pbhOYqPCojT+X/JD/7qtEm  
A/vJAO+75p8uJWn/BCF1sTzX68qMRoJUnHtOYjwgGzYZ7fg4oQVv8oIIzfxqZxiE  
pM6FdVbxbpvnpleTRvaqpjRLRb5LI8rqlMhiyRboItSmbGuAvaKgeT/9LJlA2wxA  
VWiw4lSgYJ5JvxfrsidvWtJYen7RJYyo/HiIAT1OETBIdFFSmxr5ZQvHKojmi4En  
R5z/7L6G5Xry7VE47tKbEGC3IeeojM9mjvDkpQoOfHfvoNbj1pw=  
=OVwh  
-----END PGP SIGNATURE-----

Tag

#php