
Tag: #php

CVE-2023-30150: [CVE-2023-30150] Improper neutralization of SQL parameters in the Leo Custom Ajax (leocustomajax) module from LeoTheme for PrestaShop

PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.

CVE-2023-25368: CVE/CVE-2023-25368.md at main · BretMcDanel/CVE

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmware.

CVE-2023-31671: [CVE-2023-31671] Improper neutralization of SQL parameter in Postfinance module

PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().

GHSA-wm5g-p99q-66g4: Path Traversal vulnerability in PHP LocalVolumeDriver connector

### Impact

Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system.

### Patches

This vulnerability has been fixed in elFinder 2.1.62. Installation managers should update to the latest version as soon as possible.

### Workarounds

If you cannot update for some reason, you must stop using it or prohibit writing to untrusted users.

### References

Awaiting CVE ID.

CVE-2023-34756: bloofox v0.5.2.1 was discovered to contain multiple SQL injection vulnerabilities

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

CVE-2021-31280: tp5cms v1.0.0 has XSS vulnerability · Issue #8 · fmsdwifull/tp5cms

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.

CVE-2023-3240: HuBenVulList/OTCMS was discovered to contain an arbitrary file download vulnerability via the filename.md at main · HuBenLab/HuBenVulList

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.

CVE-2023-3239: HuBenVulList/OTCMS was discovered obtain the web directory path and other information leaked .md at main · HuBenLab/HuBenVulList

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.

CVE-2023-3241

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512.