Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

Lost and Found Information System version 1.0 allows a staff level user to adjust administrative controls.

Packet Storm
#sql#vulnerability#php#auth
Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection

Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.

CVE-2023-31548: CVE-Disclosures/ChurchCRM/CVE-2023-31548 at main · 10splayaSec/CVE-Disclosures

A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-3016

A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230360.

CVE-2023-26842: CVE-Disclosures/ChurchCRM/CVE-2023-26842 at main · 10splayaSec/CVE-Disclosures

A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.

CVE-2023-3015

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230359.

CVE-2023-3014

A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/admincore.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230358 is the identifier assigned to this vulnerability.

CVE-2023-33507: Kramer VIA GO² - ZX Security

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.

CVE-2023-3008: webray.com.cn/sql_inject.md at main · Xor-Gerke/webray.com.cn

A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355.

CVE-2023-3007: webray.com.cn/password_reset.md at main · Xor-Gerke/webray.com.cn

A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.