Security
Headlines

Headlines Latest CVEs

Tag

#php

AMPLE BILLS 1.0 Cross Site Scripting

AMPLE BILLS version 1.0 suffers from a cross site scripting vulnerability.

3 months ago

#xss #vulnerability #windows #google #php #pdf #auth #firefox

Aero CMS 0.0.1 Cross Site Request Forgery

Aero CMS version 0.0.1 suffers from a cross site request forgery vulnerability.

3 months ago

#csrf #vulnerability #windows #google #git #php #auth #firefox

SchoolPlus LMS 1.0 SQL Injection

SchoolPlus LMS version 1.0 suffers from a remote SQL injection vulnerability.

3 months ago

#sql #vulnerability #web #windows #google #php #auth #firefox

AccPack Khanepani 1.0 Insecure Direct Object Reference

AccPack Khanepani version 1.0 suffers from an insecure direct object reference vulnerability.

3 months ago

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

AccPack Buzz 1.0 Arbitrary File Upload

AccPack Buzz version 1.0 suffers from an arbitrary file upload vulnerability.

3 months ago

#vulnerability #web #windows #google #php #auth #firefox

GHSA-fx6j-9pp6-ph36: Pimcore vulnerable to disclosure of system and database information behind /admin firewall

### Summary Navigating to `/admin/index/statistics` with a **logged in Pimcore user** (not an XmlHttpRequest because of this check: [IndexController:125](https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40)) exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. > The web server should not return any product and version information of the components used. The table names and row counts should not be exposed. ### Details `/admin/index/statistics` returns the following JSON-response: ``` { { "instanceId": "...", "pimcore_major_version": 11, "pimcore_version": "v11.3.1", "pimcore_hash": "3ecd39f21dbdd25ffdf4bec6e2c860eccfd3d008", "pimcore_platform_version": "v2024.2", "php_version": "8.3.8", "mysql_version": "10.11.8-MariaDB-ubu2204", "bundles": [ //...

3 months ago

#sql #web #google #js #git #php

Chuksrio LMS 2.9 Insecure Direct Object Reference

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

3 months ago

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

Blog Site 1.0 SQL Injection

Blog Site version 1.0 suffers from a remote SQL injection vulnerability.

3 months ago

#sql #vulnerability #web #git #php #auth

QuickJob 6.1 Insecure Settings

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

3 months ago

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #git #java #php #perl #auth #ruby #firefox

Prison Management System version 1.0 Insecure Settings

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

3 months ago

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox