#php

An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.

DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.

DMIS:CRI LMS version 2.0 suffers from a remote SQL injection vulnerability.

Discussion On Kontackt The Exclusive PHP Social Network Platform version 1.18 suffers from a cross site scripting vulnerability.

Digisha CMS version 1.2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.

Doma CMS version 1.0 suffers from a cross site scripting vulnerability.

Desenvolvido C3iM CMS version 2.0 suffers from a cross site scripting vulnerability.

Deprixa version 3.2.5 suffers from a cross site request forgery vulnerability.