Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-5258: SQL injection vulnerability exists in RapidCMS Dev.1.3.1 · Issue #4 · yhy217/rapidcms-vul

A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867.

CVE
Open in Source
#sql#vulnerability#web#mac#windows#git#php#firefox
CVE-2023-43014: Asset Management System v1.0 - Authenticated SQL Injection (SQLi) | Advisories | Fluid Attacks

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents.

CVE-2023-44173: projectworlds | Free Projects and Free Learnings

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.

CVE-2023-43013: Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi) | Advisories | Fluid Attacks

Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

CVE-2023-5185: Gym Management System Project v1.0 - Insecure File Upload | Advisories | Fluid Attacks

Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

CVE-2023-5004: Hospital-management-system-in-php 378c157 - Blind SQL Injection | Advisories | Fluid Attacks

Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.

CVE-2023-43226: GitHub - zzq66/cve: poc

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2023-30415: Getting my first CVE

Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.

GHSA-pq98-6hf6-3rj3: Economizzer remote code execution vulnerability

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.