Security Headlines

Tag: #php
CVE-2022-4894: Certain HP and Samsung printer software - Potential elevation of privileges

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

Tags: #vulnerability #php #samsung
GHSA-67c6-q4j4-hccg: Flarum vulnerable to LFI and Blind SSRF via Avatar upload

## Impact

The Flarum forum software is affected by a vulnerability that allows an attacker to conduct a Blind SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application into executing unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL and then fetches that URL's contents. This allows an attacker to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack.

### Patches

This has been patched in Flarum **v1.8**.

## Workarounds

As a temporary workaround for the SSRF aspect of the vulnerability, one can disable PHP's `allow_url_fopen`, which will prevent the fetching of external files via URLs.

### Credits

Adam Kues - [Assetnote](https://assetnote.io/)

Evsanati Radyo 1.0 Insecure Settings

Evsanati Radyo version 1.0 suffers from an ignored default credential vulnerability.

Event Locations CMS 1.0.1 Cross Site Scripting

Event Locations CMS version 1.0.1 suffers from a cross site scripting vulnerability.

E-partenaire LMS 1.0.0 Cross Site Scripting

E-partenaire LMS version 1.0.0 suffers from a cross site scripting vulnerability.

CVE-2023-33663: [CVE-2023-33663] Improper neutralization of a SQL parameter in aicustomfee from ai-dev module for PrestaShop

In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection in versions up to 0.2.0. Release 0.2.1 fixed this security issue.

CVE-2023-3958: Changeset 2953845 for wp-remote-users-sync – WordPress Plugin Repository

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.

Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access," NCC Group said in an advisory released Tuesday. "The adversary can

CVE-2023-39849: GitHub - zhuifengshaonianhanlu/pikachu: a fun web security vulnerability testing platform

Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.