Security
Headlines
HeadlinesLatestCVEs

Tag

#php

GHSA-44wr-rmwq-3phw: Craft CMS vulnerable to Remote Code Execution via validatePath bypass

### Summary Bypassing the validatePath function can lead to potential Remote Code Execution (Post-authentication, ALLOW_ADMIN_CHANGES=true) ### Details In bootstrap.php, the SystemPaths path is set as below. ```php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath = $findConfigPath('--vendorPath', 'CRAFT_VENDOR_PATH') ?? dirname(__DIR__, 3); // Set the "project root" path that contains config/, storage/, etc. By default assume that it's up a level from vendor/. $rootPath = $findConfigPath('--basePath', 'CRAFT_BASE_PATH') ?? dirname($vendorPath); // By default the remaining directories will be in the base directory $dotenvPath = $findConfigPath('--dotenvPath', 'CRAFT_DOTENV_PATH') ?? "$rootPath/.env"; $configPath = $findConfigPath('--configPath', 'CRAFT_CONFIG_PATH') ?? "$rootPath/config"; $contentMigrationsPath = $findConfigPath('--contentMigrationsPath', 'CRAFT_CONTENT_MIGRATIONS_PATH') ?? "$rootPath/migrations"; $storagePath = $findConfigPath('...

ghsa
Open in Source
#vulnerability#git#php#rce#auth
Jorani Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.

Academy LMS 6.1 Cross Site Scripting / File Upload

Academy LMS version 6.1 suffers from an upload vulnerability that could lead to persistent cross site scripting attacks.

Evsanati Radyo 1.0 Shell Upload

Evsanati Radyo version 1.0 suffers from a remote shell upload vulnerability.

Event Locations CMS 1.0.1 Shell Upload

Event Locations CMS version 1.0.1 suffers from a remote shell upload vulnerability.

DoorGets CMS 7.0 Information Disclosure

DoorGets CMS version 7.0 suffers from an information leakage vulnerability.

CVE-2023-38899: sql sql injection · Issue #2 · berkaygediz/O_Blog

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

CVE-2023-40068: Advanced Custom Fields (ACF)

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

CVE-2023-39939: LuxSoft Home

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

CVE-2023-4449: vuls/README.md at main · Jacky-Y/vuls

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability.