Tag
#php
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724.
Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. "Improved code security enforcement in WooCommerce components," the
X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage.
A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700.
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.
Judging Management System version 1.0 suffers from bypass and remote shell upload vulnerabilities.
Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass.
Online Pizza Ordering version 1.0 suffers from a remote SQL injection vulnerability.
rconfig version 3.9.7 suffers from a remote SQL injection vulnerability.
WordPress WooCommerce plugin version 7.1.0 suffers from a remote code execution vulnerability.