#php

### Impact This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. ### Patches Upgrade to v4.3.5 or later. ### Workarounds Setting validation rules with an array. E.g.: ```php $validation->setRules([ 'email' => ['required', 'valid_email, 'is_unique[users.email,id,{id}]'], ]); ``` ### References - https://codeigniter4.github.io/userguide/libraries/validation.html#validation-placeholders - https://codeigniter4.github.io/userguide/incoming/controllers.html#validating-data - https://codeigniter4.github.io/userguide/models/model.html#in-model-validation

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

W3 Eden Download Manager versions 3.2.70 and below suffer from a persistent cross site scripting vulnerability via ShortCode.

WBiz Desk version 1.2 suffers from a remote SQL injection vulnerability.

Esg version 2.5 suffers from a remote SQL injection vulnerability.

Code Bakers version 1.0 suffers from a remote SQL injection vulnerability.

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.

A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612.

A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability.