Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-1847: cve_hub/Online Payroll System in PHP and MySQL Free Download A Comprehensive Guide - vlun 1.pdf at main · E1CHO/cve_hub

A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.

CVE
Open in Source
#sql#vulnerability#git#php#pdf
CVE-2023-1846: cve_hub/Online Payroll System in PHP and MySQL Free Download A Comprehensive Guide - vlun 4.pdf at main · E1CHO/cve_hub

A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability.

CVE-2023-0738: GitHub - Orangescrum/orangescrum: Orangescrum is a simple yet powerful free and open source project management software that helps team to organize their tasks, projects and deliver more.

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.

CVE-2023-0480: VitalPBX 3.2.3-8 - Account Takeover via CSRF | Advisories | Fluid Attacks

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.

CVE-2023-0265: Uvdesk 1.1.1 - RCE via Insecure File Upload | Advisories | Fluid Attacks

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

CVE-2021-3267: File upload vulnerability leads to getshell · Issue #6 · Kitesky/KiteCMS

File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.

CVE-2020-29312: Enterprise PHP Development Platform and Services

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function.

CVE-2020-23327: Module management - new module functionality has storage XSS vulnerabilities · Issue #262 · zblogcn/zblogphp

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.

CVE-2020-21060: sql injection exists many places in PHPMyWind v5.6 · Issue #10 · gaozhifeng/PHPMyWind

SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.

CVE-2023-26750: Yii 2 <= 2.0.47 SQL Injection Vulnerability · Issue #19755 · yiisoft/yii2

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.