Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-48093

Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.

CVE
Open in Source
#vulnerability#php#rce
CVE-2023-23136

lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.

CVE-2022-48094

lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.

CVE-2022-23455: Multiple vulnerabilities in HP Support Assistant

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

CVE-2022-3990: Privilege escalation via HPSFViewer | HP® Customer Support

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

CVE-2023-0607: Fix XSS when changing template · projectsend/projectsend@698be4a

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.

CVE-2022-47769: Security Advisory: Serenissima Informatica – FastCheckIn (CVE-2022-47768/CVE-2022-47769/ CVE-2022-47770)

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.

GHSA-3cw5-7cxw-v5qg: Dompdf vulnerable to URI validation failure on SVG parsing

### Summary The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This might leads to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. ### Details The bug occurs during SVG parsing of `<image>` tags, in src/Image/Cache.php : ``` if ($type === "svg") { $parser = xml_parser_create("utf-8"); xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, false); xml_set_element_handler( $parser, function ($parser, $name, $attributes) use ($options, $parsed_url, $full_url) { if ($name === "image") { $attributes = array_change_key_case($attributes, CASE_LOWER); ``` This part will try to detect `<image>` tags in SVG, and will take the href to validate it against the protocolAllowed whitelist. However, the `$name comparison with "image" is case sensitive, which means that such a tag in the SVG will pass : ``` <svg> <Image xlink:href="phar:///foo"></Ima...

CVE-2023-23924: URI validation failure on SVG parsing

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.

CVE-2023-24956: Forget Heart Message Box 1.1 has multiple SQL injections · Issue #1 · Mortalwangxin/lives

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.