Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-1276: SUL1SS_shop_SQLi-这里是一个普通学生的博客

A vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222599.

CVE
Open in Source
#sql#vulnerability#web#git#php
CVE-2023-1278

A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.

CVE-2023-26956: Background development assistant arbitrary file reading vulnerability · Issue #4 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.

CVE-2023-1275: bug_report/XSS-1.md at main · blairting/bug_report

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.

CVE-2023-26922: execute-command.php Command execution vulnerability · Issue #1 · varigit/matrix-gui-v2

SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint.

Purchase Order Management 1.0 Shell Upload

Purchase Order Management version 1.0 suffers a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.

CVE-2023-26952: Background menu rules - add menu has storage xss vulnerability · Issue #7 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.

CVE-2023-26950: Background category management - adding categories has a storage xss vulnerability · Issue #9 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.

CVE-2023-24657: Reflected XSS at /app/tools/subnet-masks/popup.php · Issue #3738 · phpipam/phpipam

phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.