Tag
#php
Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
DVWA v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at blind\source\high.php.
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.
File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function.
RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.
Blood Donor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.
Elite CMS Pro version 2.01 suffers from a remote SQL injection vulnerability.