Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-1030

A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755.

CVE
Open in Source
#xss#vulnerability#php
Employee Task Management System 1.0 SQL Injection

Employee Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Employee Task Management System 1.0 Privilege Escalation

Employee Task Management System version 1.0 suffers from a privilege escalation vulnerability due to a broken access control where a lower privileged user's cookie can be leveraged to takeover an administrative account.

Auto Dealer Management System 1.0 SQL Injection

Auto Dealer Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Auto Dealer Management System 1.0 Privilege Escalation

Auto Dealer Management System version 1.0 suffers from a privilege escalation vulnerability due to a broken access control where a lower privileged user's cookie can be leveraged to takeover an administrative account.

CVE-2021-35370: Code Execution Vulnerability in the background of imcat5.4 · Issue #8 · peacexie/imcat

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.

CVE-2021-35369: imcat 5.2-Arbitrary file read vulnerability · Issue #7 · peacexie/imcat

Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.

CVE-2023-0585: Updates.php in all-in-one-seo-pack/tags/4.2.9/app/Common/Main – WordPress Plugin Repository

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-0586: PostSettings.php in all-in-one-seo-pack/tags/4.2.9/app/Common/Admin – WordPress Plugin Repository

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-0998: PaymentVul_report/payment_vulnerability.md at main · 1MurasaKi/PaymentVul_report

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.