#php

ViciDial version 2.0.5 suffers from a cross site request forgery vulnerability.

Vehicle Service Management System version 1.0 suffers from a cross site request forgery vulnerability.

Transport Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Online Eyewear Shop version 1.0 suffers from an ignored default credential vulnerability.

AVideo version 12.4 suffers from a PHP code injection vulnerability.

SeedDMS version 6.0.28 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions.

Tourism Management System version 1.0 suffers from a cross site scripting vulnerability.

TitanNit Web Control 2.01 and Atemio 7600 suffer from a PHP code injection vulnerability.

Teacher Subject Allocation Management System version 1.0 suffers from an ignored default credential vulnerability.