Tag

#php

Men Salon Management System 2.0 PHP Code Injection

Men Salon Management System version 2.0 suffers from a PHP code injection vulnerability.

Packet Storm

Emergency Ambulance Hiring Portal 1.0 Insecure Settings

Emergency Ambulance Hiring Portal version 1.0 suffers from an ignored default credential vulnerability.

Car Washing Management System 1.0 Insecure Settings

Car Washing Management System version 1.0 suffers from an ignored default credential vulnerability.

Bus Pass Management System 1.0 Insecure Settings

Bus Pass Management System version 1.0 suffers from an ignored default credential vulnerability.

BP Monitoring Management System 1.0 Insecure Settings

BP Monitoring Management System version 1.0 suffers from an ignored default credential vulnerability.

Auto/Taxi Stand Management System 1.0 PHP Code Injection

Auto/Taxi Stand Management System version 1.0 suffers from a PHP code injection vulnerability.

Art Gallery Management System 1.0 Insecure Settings

Art Gallery Management System version 1.0 suffers from an ignored default credential vulnerability.

SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution

This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.

Nipah Virus Testing Management System 1.0 PHP Code Injection

Nipah Virus Testing Management System version 1.0 suffers from a PHP code injection vulnerability.