Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Aicte India LMS 3.0 Cross Site Scripting

Aicte India LMS version 3.0 suffers from a cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#windows#google#php#auth#firefox
CVE-2023-45367: ⚓ T344923 User can store arbitrary number of rows in cu_useragent_clienthints

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service.

CVE-2023-45363: ⚓ T333050 RequestTimeoutException when querying pages redirected to other variants with redirects and converttitles set

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

CVE-2023-45364: ⚓ T264765 Users without permission are shown MediaWiki:Missing-revision-permission

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

Red Hat Security Advisory 2023-5486-01

Red Hat Security Advisory 2023-5486-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

CVE-2023-5312

A vulnerability classified as critical has been found in DedeCMS 5.7.111. Affected is an unknown function of the file baidunews.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240948.

CVE-2023-43269: Pigcms vulnerability testing · Issue #1 · pwnero/vul

pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability.

CVE-2023-44024: [CVE-2023-44024] Improper neutralization of SQL parameters in KnowBand - One Page Checkout, Social Login & Mailchimp module for PrestaShop

SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.

CVE-2023-43983: [CVE-2023-43983] Improper neutralization of SQL parameter in Presto Changeo - Attribute Grid module for PrestaShop

Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

CVE-2023-40920: [CVE-2023-40920] Improper neutralization of an SQL parameter in prixanconnect module for PrestaShop

Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().