Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Debian Security Advisory 5402-1

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Packet Storm
Open in Source
#vulnerability#linux#debian#dos#php#perl
Online Clinic Management System 2.2 Cross Site Scripting

Online Clinic Management System version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.

CVE-2023-31844: bug_report/SQLi-3.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=.

CVE-2023-31842: bug_report/SQLi-2.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.

CVE-2023-31843: bug_report/SQLi-1.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=.

CVE-2023-31845: bug_report/SQLi-4.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=.

CVE-2023-1549

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

CVE-2022-4774

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.

CVE-2023-2692: CVEReport/XSS.md at main · LeozhangCA/CVEReport

A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability.

CVE-2023-2691

A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972.