Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-37772: Online Shopping Portal Project in Php|E-commerce Online Shopping Portal

Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.

CVE
Open in Source
#sql#vulnerability#web#google#java#php#chrome
The Most In-Demand Freelance Skills for 2023

By Waqas The post-COVID era provides a unique opportunity for skilled individuals to take advantage of the growing freelancing economy.… This is a post from HackRead.com Read the original post: The Most In-Demand Freelance Skills for 2023

GHSA-36xx-7vf6-7mv3: Silverstripe Framework: Members with no password can be created and bypass custom login forms

When a new `Member` record was created in the cms it was possible to set a blank password. If an attacker knows the email address of the user with the blank password then they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a non-empty password, however if a custom authentication method is used it may allow a successful login with the empty password. Starting with this release, blank passwords are no no longer allowed when members are created in the CMS. Programatically created `Member` records, such as those used in unit tests, still allow blank passwords. You may have some `Member` records in your system already which have empty passwords. To detect these, you can loop over all `Member` records with `Member::get()` and pass each record into the below method. It might be sensible to create a [`BuildTask`](https://api.silverstripe.org/5/SilverStripe/Dev/BuildTask.html) for this purpose. ```php private function...

CVE-2023-37771: CVE-2023-37771/CVE at main · anky-123/CVE-2023-37771

Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.

Codecanyon Bitcoin Tools Suite 1.0 Local File Inclusion

Codecanyon Bitcoin Tools Suite version 1.0 suffers from a local file inclusion vulnerability.

CMVC SHOP LMS 2.1.0 SQL Injection

CMVC SHOP LMS version 2.1.0 suffers from a remote SQL injection vulnerability.

CMSninesol 1.0 Cross Site Scripting

CMSninesol version 1.0 suffers from a cross site scripting vulnerability.

CVE-2023-38306: Webmin-2.021/CVE-2023-38306 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.

CVE-2023-34635: Wifi Soft Unibox Administration 3.0

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.