Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-2678

A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892.

CVE
Open in Source
#xss#vulnerability#php
CVE-2023-2677: cve/SQL.md at main · BacteriaJun/cve

A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228891.

CVE-2023-2671

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887.

CVE-2023-2672

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888.

CVE-2023-32243: 1+ Million Sites Affected by Critical Privilege Escalation Vulnerability in Essential Addons for Elementor Plugin

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.

CVE-2023-29808: Companymaps 8.0 Cross Site Scripting ≈ Packet Storm

Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code.

CVE-2023-29809: Companymaps 8.0 SQL Injection ≈ Packet Storm

SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.

CVE-2023-30330: GitHub - Filiplain/LFI-to-RCE-SE-Suite-2.0: Authenticated Local File Inclusion to Remote Code Execution on SoftExpert Suite EQM.

SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.

CVE-2020-13378: OS Command Injection in Enterprise loadbalancer VA MAX - v8.3.8 and earlier

Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.

GHSA-6mhc-hqr3-w466: PrestaShop Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php.