Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-31671: [CVE-2023-31671] Improper neutralization of SQL parameter in Postfinance module

PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().

CVE
Open in Source
#sql#vulnerability#web#php#auth
GHSA-wm5g-p99q-66g4: Path Traversal vulnerability in PHP LocalVolumeDriver connector

### Impact Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system. ### Patches This vulnerability has been fixed in elFinder 2.1.62. Installation managers should update to the latest version as soon as possible. ### Workarounds If you cannot update for some reason, you must stop using it or prohibit writing to untrusted users. ### References Awaiting CVE ID.

CVE-2023-34756: bloofox v0.5.2.1 was discovered to contain many SQL injection vulnerability

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

CVE-2021-31280: tp5cms v1.0.0 has XSS vulnerability · Issue #8 · fmsdwifull/tp5cms

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.

CVE-2023-3240: HuBenVulList/OTCMS was discovered to contain an arbitrary file download vulenrability via the filename.md at main · HuBenLab/HuBenVulList

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.

CVE-2023-3239: HuBenVulList/OTCMS was discovered obtain the web directory path and other information leaked .md at main · HuBenLab/HuBenVulList

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.

CVE-2023-3241

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512.

CVE-2023-3238

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability.

CVE-2023-3236: HuBenVulList/MCCMS is vulnerable to Server-side request forgery (SSRF) 2.md at main · HuBenLab/HuBenVulList

A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507.