Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-34599: GitHub - maddsec/CVE-2023-34599: Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

CVE
Open in Source
#xss#vulnerability#git#java#php
CVE-2023-34598: GitHub - maddsec/CVE-2023-34598: Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation fold

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.

CVE-2023-3458: CveHubList/Shopping Website (E-Commerce) forgot-password.php has Sqlinjection.pdf at main · AD-Appledog/CveHubList

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.

CVE-2023-3457: CveList/Shopping Website (E-Commerce) index.php has Sqlinjection.pdf at main · qwegz/CveList

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.

CVE-2023-34487: GitHub - JunyanYip/itsourcecode_justines_sql_vul

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.

CVE-2023-34486: GitHub - JunyanYip/itsourcecode_justines_xss_vul

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.

When It Comes to Secure Coding, ChatGPT Is Quintessentially Human

We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues.

CVE-2023-34648: Common-Vulnerabilities-and-Exposures/CVE-2023-34648 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.

CVE-2023-1602: Changeset 2931815 for shorten-url/trunk/shorten-url.php – WordPress Plugin Repository

The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.