#php

SPIP version 4.2.7 suffers from a code execution vulnerability.

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

Hostel Management System version 1.0 version 1.0 suffers from an arbitrary file upload vulnerability.

File Management System version 1.0 suffers from a cross site request forgery vulnerability.

Faculty Evaluation System version 1.0 suffers from a cross site request forgery vulnerability.

eClass LMS version 6.2.0 suffers from a remote shell upload vulnerability.

Free Hospital Management System for Small Practices version 1.0 suffers from a cross site request forgery vulnerability.

This Metasploit module exploits several authenticated SQL Inject vulnerabilities in VICIdial 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20 is vulnerable). Injection point 1 is on vicidial/admin.php when adding a user, in the modify_email_accounts parameter. Injection point 2 is on vicidial/admin.php when adding a user, in the access_recordings parameter. Injection point 3 is on vicidial/admin.php when adding a user, in the agentcall_email parameter. Injection point 4 is on vicidial/AST_agent_time_sheet.php when adding a user, in the agent parameter. Injection point 5 is on vicidial/user_stats.php when adding a user, in the file_download parameter. VICIdial does not encrypt passwords by default.

Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive suffer from an unauthenticated directory traversal vulnerability. The vulnerability is triggered through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the targets filesystem via a GET request to /lib/icinga/icinga-php-thirdparty/ as the user running the Icingaweb server, which will typically be the www-data user. This can then be used to retrieve sensitive configuration information from the target such as the configuration of various services, which may reveal sensitive login or configuration information, the /etc/passwd file to get a list of valid usernames for password guessing attacks, or other sensitive files which may exist as part of additional functionality available on the target server. This Metasploit module was tested against Icingaweb 2.9.5 running on Docker.

This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress Plugin "NextGEN Gallery" version 2.1.7, allowing to read arbitrary directories with the web server privileges.