Tag
#php
A file upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary code via the upload type function.
RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A command injection vulnerability in RaspAP versions 2.8.0 through 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.
Blood Donor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.
Elite CMS Pro version 2.01 suffers from a remote SQL injection vulnerability.
A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Elevel CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Ekushey Project Manager CRM version 3.1 appears to leave default credentials installed after installation.
E-Journal Homoeo CMS version 2.0.3 suffers from a remote SQL injection vulnerability.
E-Fun CMS version 5.0 suffers from an XML external entity injection vulnerability.