#php

Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.

Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.

Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.

### Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. An attacker can upload a PHP web shell that executes OS commands on the server, compromising the application server. Note: I am using the docker-compose.yaml file from https://github.com/Admidio/admidio/blob/master/README-Docker.md#docker-compose-usage official documentation. ### Impact: An attacker can exploit this flaw to upload a PHP web shell, which can be used to execute arbitrary commands on the server. This can lead to a complete compromise of the application server, allowing the attacker to: - E...

### Description: An SQL Injection has been identified in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. I successfully exploited SQL Injections by causing Time Delays. Advancing the payload, I was able to exfiltrate data from the database based on trial and error conditions and step-wise enumerating the characters of the database name. This was done as a POC of SQL Injection. An attacker could simply drop the database by providing a single payload, steal data, and potentially update the database according to their will. ### Impact: SQL injection (SQLi) vulnerabilities can have serious c...

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used to

## usd-2024-0009 | Reflected XSS in Oveleon Cookiebar ### Details **Advisory ID**: usd-2024-0009 **Product**: Cookiebar **Affected Version**: 2.X **Vulnerability Type**: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') **Security Risk**: HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N **Vendor URL**: https://www.usd.de/ **CVE Number**: Not requested yet **CVE Link**: Not requested yet ### Affected Component The `block` function in `CookiebarController.php`. ### Desciption Oveleon's Cookiebar is an extension for the popular Contao CMS. The `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected XSS. ### Fix Sanitize the `locale` input to prevent XSS payloads from being executed in a user's browser. ### Timeline * **2024-04-24**: Vulnerability discovered by Daniel Ruppel of usd AG. * *...

Ubuntu Security Notice 6914-1 - Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account.

Ubuntu Security Notice 6913-1 - Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class.

Prison Management System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.