Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-0788: huntr – Security Bounties for any GitHub repository

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE
Open in Source
#git#php
CVE-2023-0792: huntr – Security Bounties for any GitHub repository

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0789: huntr – Security Bounties for any GitHub repository

Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0785

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.

CVE-2022-38396: Potential Escalation of Privilege in HP Factory Preinstalled Windows 10 20H2 Images

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.

CVE-2022-43779: AMI UEFI Firmware December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

CVE-2023-0783

A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.

CVE-2023-0781

A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624.

CVE-2023-23162: CVE/CVE-2023-23162.txt at main · rahulpatwari/CVE

Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.

CVE-2023-23161: CVE/CVE-2023-23161.txt at main · rahulpatwari/CVE

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.