Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

@@ -434,7 +434,7 @@ private function drawText()

$codeLength = Strings::strlen($this\->code);

$numFonts = count($this\->fonts);

$w1 = 15;

$w2 = $this\->width / ($codeLength + 1);

$w2 = floor($this\->width / ($codeLength + 1));

  

for ($p = 0; $p < $codeLength; ++$p) {

$letter = $this\->code\[$p\];

@@ -515,7 +515,7 @@ public function checkCaptchaCode(string $code): bool

public function validateCaptchaCode(string $captchaCode): bool

{

// Sanity check

if (0 === Strings::strlen($captchaCode)) {

if (Strings::strlen($captchaCode) !== $this\->captchaLength) {

return false;

}

CVE-2023-0311: fix: check captcha length correctly and fix type error · thorsten/phpMyFAQ@fe6e9f0

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

@@ -776,14 +776,17 @@

break;

}

  

$userData = \[

'display\_name' => $userName,

'email' => $email,

'is\_visible' => $isVisible === 'on' ? 1 : 0

\];

$success = $user\->setUserData($userData);

  

if (0 !== strlen($password) && 0 !== strlen($confirm)) {

if (strlen($password) <= 7 || strlen($confirm) <= 7) {

$message = \['error' => $PMF\_LANG\['ad\_passwd\_fail'\]\];

break;

} else {

$userData = \[

'display\_name' => $userName,

'email' => $email,

'is\_visible' => $isVisible === 'on' ? 1 : 0

\];

$success = $user\->setUserData($userData);

  

foreach ($user\->getAuthContainer() as $author => $auth) {

if ($auth\->setReadOnly()) {

continue;

CVE-2023-0307: fix: added missing check on password length · thorsten/phpMyFAQ@8beed2f

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

@@ -7,21 +7,21 @@ \* v. 2.0. If a copy of the MPL was not distributed with this file, You can \* obtain one at http://mozilla.org/MPL/2.0/. \* \* @package phpMyFAQ \* @author Thorsten Rinne <thorsten@phpmyfaq.de> \* @author Matteo Scaramuccia <matteo@phpmyfaq.de> \* @package phpMyFAQ \* @author Thorsten Rinne <thorsten@phpmyfaq.de> \* @author Matteo Scaramuccia <matteo@phpmyfaq.de> \* @copyright 2003-2022 phpMyFAQ Team \* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0 \* @link https://www.phpmyfaq.de \* @since 2003-02-23 \* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0 \* @link https://www.phpmyfaq.de \* @since 2003-02-23 \*/  
use phpMyFAQ\\Comments; use phpMyFAQ\\Date; use phpMyFAQ\\Entity\\CommentType; use phpMyFAQ\\Filter; use phpMyFAQ\\Helper\\LanguageHelper; use phpMyFAQ\\News; use phpMyFAQ\\News;use phpMyFAQ\\Strings;  
if (!defined('IS\_VALID\_PHPMYFAQ')) { http\_response\_code(400); @@ -66,15 +66,19 @@ </div\>  
<div class\="form-group row"\> <label class\="col-3 col-form-label" for\="authorName"\><?= $PMF\_LANG\['ad\_news\_author\_name'\] ?></label\> <label class\="col-3 col-form-label" for\="authorName"\> <?= $PMF\_LANG\['ad\_news\_author\_name'\] ?> </label\> <div class\="col-9"\> <input class\="form-control" type\="text" name\="authorName" id\="authorName" value\="<?= $user\->getUserData('display\_name') ?>"\> </div\> </div\>  
<div class\="form-group row"\> <label class\="col-3 col-form-label" for\="authorEmail"\><?= $PMF\_LANG\['ad\_news\_author\_email'\] ?></label\> <label class\="col-3 col-form-label" for\="authorEmail"\> <?= $PMF\_LANG\['ad\_news\_author\_email'\] ?> </label\> <div class\="col-9"\> <input class\="form-control" type\="email" name\="authorEmail" id\="authorEmail" value\="<?= $user\->getUserData('email') ?>"\> @@ -94,7 +98,9 @@ </div\>  
<div class\="form-group row"\> <label class\="col-3 col-form-label" for\="comment"\><?= $PMF\_LANG\['ad\_news\_allowComments'\] ?></label\> <label class\="col-3 col-form-label" for\="comment"\> <?= $PMF\_LANG\['ad\_news\_allowComments'\] ?> </label\> <div class\="col-9 checkbox"\> <label\> <input type\="checkbox" name\="comment" id\="comment" value\="y"\> @@ -106,12 +112,15 @@ <div class\="form-group row"\> <label class\="col-3 col-form-label" for\="link"\><?= $PMF\_LANG\['ad\_news\_link\_url'\] ?></label\> <div class\="col-9"\> <input class\="form-control" type\="text" name\="link" id\="link" placeholder\="http://www.example.com/"\> <input class\="form-control" type\="text" name\="link" id\="link" placeholder\="http://www.example.com/"\> </div\> </div\>  
<div class\="form-group row"\> <label class\="col-3 col-form-label" for\="linkTitle"\><?= $PMF\_LANG\['ad\_news\_link\_title'\] ?></label\> <label class\="col-3 col-form-label" for\="linkTitle"\> <?= $PMF\_LANG\['ad\_news\_link\_title'\] ?> </label\> <div class\="col-9"\> <input type\="text" name\="linkTitle" id\="linkTitle" class\="form-control"\> </div\> @@ -207,7 +216,7 @@ foreach ($newsHeader as $newsItem) { ?> <tr\> <td\><?= $newsItem\['header'\] ?></td\> <td\><?= Strings::htmlentities($newsItem\['header'\]) ?></td\> <td\><?= $date\->format($newsItem\['date'\]) ?></td\> <td\> <a class\="btn btn-primary" href\="?action=edit-news&amp;id=<?= $newsItem\['id'\] ?>"\> @@ -254,7 +263,7 @@ <label class\="col-3 col-form-label" for\="newsheader"\><?= $PMF\_LANG\['ad\_news\_header'\] ?></label\> <div class\="col-9"\> <input type\="text" name\="newsheader" id\="newsheader" class\="form-control" value\="<?= $newsData\['header'\] ?? '' ?>"\> value\="<?= Strings::htmlentities($newsData\['header'\]) ?? '' ?>"\> </div\> </div\>  
@@ -270,16 +279,20 @@ </div\>  
<div class\="form-group row"\> <label class\="col-3 col-form-label" for\="authorName"\><?= $PMF\_LANG\['ad\_news\_author\_name'\] ?></label\> <label class\="col-3 col-form-label" for\="authorName"\> <?= $PMF\_LANG\['ad\_news\_author\_name'\] ?> </label\> <div class\="col-9"\> <input type\="text" name\="authorName" value\="<?= $newsData\['authorName'\] ?>" class\="form-control"\> <input type\="text" name\="authorName" class\="form-control" value\="<?= Strings::htmlentities($newsData\['authorName'\]) ?>"\> </div\> </div\>  
<div class\="form-group row"\> <label class\="col-3 col-form-label" for\="authorEmail"\><?= $PMF\_LANG\['ad\_news\_author\_email'\] ?></label\> <div class\="col-9"\> <input type\="email" name\="authorEmail" value\="<?= $newsData\['authorEmail'\] ?>" class\="form-control"\> <input type\="email" name\="authorEmail" class\="form-control" value\="<?= Strings::htmlentities($newsData\['authorEmail'\]) ?>"\> </div\> </div\>  
@@ -315,15 +328,16 @@ <div class\="form-group row"\> <label class\="col-3 col-form-label" for\="link"\><?= $PMF\_LANG\['ad\_news\_link\_url'\] ?></label\> <div class\="col-9"\> <input type\="text" id\="link" name\="link" value\="<?= $newsData\['link'\] ?>" class\="form-control"\> <input type\="text" id\="link" name\="link" value\="<?= Strings::htmlentities($newsData\['link'\]) ?>" class\="form-control"\> </div\> </div\>  
<div class\="form-group row"\> <label class\="col-3 col-form-label" for\="linkTitle"\><?= $PMF\_LANG\['ad\_news\_link\_title'\] ?></label\> <div class\="col-9"\> <input type\="text" id\="linkTitle" name\="linkTitle" value\="<?= $newsData\['linkTitle'\] ?>" class\="form-control"\> <input type\="text" id\="linkTitle" name\="linkTitle" value\="<?= Strings::htmlentities($newsData\['linkTitle'\]) ?>" class\="form-control"\> </div\> </div\>  
@@ -429,14 +443,14 @@ class="form-control"> <?php $dateStart = Filter::filterInput(INPUT\_POST, 'dateStart', FILTER\_UNSAFE\_RAW); $dateEnd = Filter::filterInput(INPUT\_POST, 'dateEnd', FILTER\_UNSAFE\_RAW); $header = Filter::filterInput(INPUT\_POST, 'newsheader', FILTER\_UNSAFE\_RAW); $header = Filter::filterInput(INPUT\_POST, 'newsheader', FILTER\_SANITIZE\_SPECIAL\_CHARS); $content = Filter::filterInput(INPUT\_POST, 'news', FILTER\_SANITIZE\_SPECIAL\_CHARS); $author = Filter::filterInput(INPUT\_POST, 'authorName', FILTER\_UNSAFE\_RAW); $email = Filter::filterInput(INPUT\_POST, 'authorEmail', FILTER\_VALIDATE\_EMAIL); $active = Filter::filterInput(INPUT\_POST, 'active', FILTER\_UNSAFE\_RAW); $comment = Filter::filterInput(INPUT\_POST, 'comment', FILTER\_UNSAFE\_RAW); $link = Filter::filterInput(INPUT\_POST, 'link', FILTER\_UNSAFE\_RAW); $linkTitle = Filter::filterInput(INPUT\_POST, 'linkTitle', FILTER\_UNSAFE\_RAW); $link = Filter::filterInput(INPUT\_POST, 'link', FILTER\_SANITIZE\_SPECIAL\_CHARS); $linkTitle = Filter::filterInput(INPUT\_POST, 'linkTitle', FILTER\_SANITIZE\_SPECIAL\_CHARS); $newsLang = Filter::filterInput(INPUT\_POST, 'langTo', FILTER\_UNSAFE\_RAW); $target = Filter::filterInput(INPUT\_POST, 'target', FILTER\_UNSAFE\_RAW);

CVE-2023-0313: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@1123c08

@@ -20,6 +20,7 @@

use phpMyFAQ\\Date;

use phpMyFAQ\\Entity\\CommentType;

use phpMyFAQ\\Faq;

use phpMyFAQ\\Strings;

  

if (!defined('IS\_VALID\_PHPMYFAQ')) {

http\_response\_code(400);

@@ -73,7 +74,7 @@

<td\>

<span style\="font-weight: bold;"\>

<a href\="mailto:<?= $faqComment\->getEmail() ?>"\>

<?= $faqComment\->getUsername() ?>

<?= Strings::htmlentities($faqComment\->getUsername()) ?>

</a\> |

<?= $date\->format(date('Y-m-d H:i', $faqComment\->getDate())) ?> |

<a href\="<?php printf(

@@ -84,8 +85,8 @@

) ?>"\>

<?= $faq\->getRecordTitle($faqComment\->getRecordId()) ?>

</a\>

</span\><br/\>

<?= $faqComment\->getComment() ?>

</span\><br\>

<?= Strings::htmlentities($faqComment\->getComment()) ?>

</td\>

</tr\>

<?php

CVE-2023-0310: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@53099a9

CVE-2023-0308: huntr – Security Bounties for any GitHub repository

CVE-2023-0309: huntr – Security Bounties for any GitHub repository

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The name of the patch is 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Permalink

Browse files

fixed security vulnerability in redirect (missing validation)

*   Loading branch information

1 parent 36298e9 commit 88a517dc19443081210c804b655e72770727540d

Showing **15 changed files** with **29 additions** and **3,650 deletions**.

*   *   DAGuestBookEntry.php
*   *   gaestebuchController.php
    *   userController.php
*   *   foundation.css
*   *   foundation.min.js
    *   *   fastclick.js
        *   jquery.cookie.js
        *   jquery.js
        *   modernizr.js
        *   placeholder.js
*   *   Dispatcher.php
    *   Redirector.php
*   modernizr.js
*   *   gaestebuch.anzeigen.php
    *   gaestebuch.php

@@ -17,7 +17,7 @@ function find($id) {

return $entry;

}

function findAll() {

$sql = 'SELECT \* FROM GuestBookEntry';

$sql = 'SELECT \* FROM GuestBookEntry ORDER BY CreatedAt DESC';

$stmt = self::getConnection ()->prepare ( $sql );

$stmt\->execute ();

  

@@ -43,8 +43,7 @@ public function bearbeiten($param, $data, $session) {

$errors .= \\BO\\BOGuestBook::save ( $guestbook );

if ($errirs == "") {

// Redirect back

header ( "Location: $backurl" );

header ( "HTTP/1.1 302 Found" );

\\Redirector::redirect($backurl);

return;

}

}

@@ -42,9 +42,7 @@ public function login($param, $data, $session) {

$\_SESSION \['userId'\] = $user\->Id;

$\_SESSION \['FullName'\] = $user\->FullName;

// Logged In

  

header ( "Location: $backurl" );

header ( "HTTP/1.1 302 Found" );

\\Redirector::redirect($backurl);

return;

} else

$errorMessage = "Incorrect credentials!";

**0 comments on commit 88a517d**

Please sign in to comment.

CVE-2015-10052: fixed security vulnerability in redirect (missing validation) · calesanz/gibb-modul-151@88a517d

A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The name of the patch is 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability.

@@ -0,0 +1,61 @@ <style\> #ppBody { font-size:11pt; width:100%; margin:0 auto; text-align:justify; }  
#ppHeader { font-family:verdana; font-size:21pt; width:100%; margin:0 auto; }  
.ppConsistencies { display:none; } </style\><div id\='ppHeader'\>funchayat.in Privacy Policy</div\><div id\='ppBody'\><div class\='ppConsistencies'\><div class\='col-2'\> <div class\="quick-links text-center"\>Information Collection</div\> </div\><div class\='col-2'\> <div class\="quick-links text-center"\>Information Usage</div\> </div\><div class\='col-2'\> <div class\="quick-links text-center"\>Information Protection</div\> </div\><div class\='col-2'\> <div class\="quick-links text-center"\>Cookie Usage</div\> </div\><div class\='col-2'\> <div class\="quick-links text-center"\>3rd Party Disclosure</div\> </div\><div class\='col-2'\> <div class\="quick-links text-center"\>3rd Party Links</div\> </div\></div\><div style\='clear:both;height:10px;'\></div\><div class\='ppConsistencies'\><div class\='col-2'\> <div class\="col-12 quick-links2 gen-text-center"\>Google AdSense</div\> </div\><div class\='col-2'\> <div class\="col-12 quick-links2 gen-text-center"\> Fair Information Practices <div class\="col-8 gen-text-left gen-xs-text-center" style\="font-size:12px;position:relative;left:20px;"\>Fair information<br\> Practices</div\> </div\> </div\><div class\='col-2'\> <div class\="col-12 quick-links2 gen-text-center coppa-pad"\> COPPA  
</div\> </div\><div class\='col-2'\> <div class\="col-12 quick-links2 quick4 gen-text-center caloppa-pad"\> CalOPPA  
</div\> </div\><div class\='col-2'\> <div class\="quick-links2 gen-text-center"\>CAN-SPAM</div\> </div\><div class\='col-2'\> <div class\="quick-links2 gen-text-center"\>Our Contact Information<br\></div\> </div\></div\><div style\='clear:both;height:10px;'\></div\> <div class\='innerText'\>This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.<br\></div\><span id\='infoCo'\></span\><br\><div class\='grayText'\><strong\>What personal information do we collect from the people that visit our blog, website or app?</strong\></div\><br /><div class\='innerText'\>When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address or other details to help you with your experience.</div\><br\><div class\='grayText'\><strong\>When do we collect information?</strong\></div\><br /><div class\='innerText'\>We collect information from you when you register on our site, fill out a form or enter information on our site.</div\><br\><span id\='infoUs'\></span\><br\><div class\='grayText'\><strong\>How do we use your information? </strong\></div\><br /><div class\='innerText'\> We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:<br\><br\></div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> To personalize user's experience and to allow us to deliver the type of content and product offerings in which you are most interested.</div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> To allow us to better service you in responding to your customer service requests.</div\><span id\='infoPro'\></span\><br\><div class\='grayText'\><strong\>How do we protect visitor information?</strong\></div\><br /><div class\='innerText'\>Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.<br\><br\></div\><div class\='innerText'\>We use regular Malware Scanning.<br\><br\></div\><div class\='innerText'\>We do not use an SSL certificate</div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> We only provide articles and information, we never ask for personal or private information like email addresses, or credit card numbers.</div\><span id\='coUs'\></span\><br\><div class\='grayText'\><strong\>Do we use 'cookies'?</strong\></div\><br /><div class\='innerText'\>We do not use cookies for tracking purposes </div\><div class\='innerText'\><br\>You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.<br\></div\><br\><div class\='innerText'\>If you disable cookies off, some features will be disabled that make your site experience more efficient and some of our services will not function properly.</div\><br\><div class\='innerText'\>However, you can still place orders .</div\><br\><span id\='trDi'\></span\><br\><div class\='grayText'\><strong\>Third Party Disclosure</strong\></div\><br /><div class\='innerText'\>We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.</div\><span id\='trLi'\></span\><br\><div class\='grayText'\><strong\>Third party links</strong\></div\><br /><div class\='innerText'\>We do not include or offer third party products or services on our website.</div\><span id\='gooAd'\></span\><br\><div class\='blueText'\><strong\>Google</strong\></div\><br /><div class\='innerText'\>Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en <br\><br\></div\><div class\='innerText'\>We have not enabled Google AdSense on our site but we may do so in the future.</div\><span id\='calOppa'\></span\><br\><div class\='blueText'\><strong\>California Online Privacy Protection Act</strong\></div\><br /><div class\='innerText'\>CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf<br\></div\><div class\='innerText'\><br\><strong\>According to CalOPPA we agree to the following:</strong\></div\><div class\='innerText'\>Users can visit our site anonymously</div\><div class\='innerText'\>Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.</div\><div class\='innerText'\>Our Privacy Policy link includes the word 'Privacy', and can be easily be found on the page specified above.</div\><div class\='innerText'\><br\>Users will be notified of any privacy policy changes:</div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> On our Privacy Policy Page</div\><div class\='innerText'\>Users are able to change their personal information:</div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> By emailing us</div\><div class\='innerText'\><br\><strong\>How does our site handle do not track signals?</strong\></div\><div class\='innerText'\>We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. </div\><div class\='innerText'\><br\><strong\>Does our site allow third party behavioral tracking?</strong\></div\><div class\='innerText'\>It's also important to note that we do not allow third party behavioral tracking</div\><span id\='coppAct'\></span\><br\><div class\='blueText'\><strong\>COPPA (Children Online Privacy Protection Act)</strong\></div\><br /><div class\='innerText'\>When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.<br\><br\></div\><div class\='innerText'\>We market to<div class\='innerText'\>We do not collect information from children under 13</div\> children under 13.</div\><div class\='innerText'\>No</div\><div class\='innerText'\><br\><strong\>In order to remove your child's information please contact the following personnel: </strong\></div\><div class\='innerText'\><br\><strong\>We adhere to the following COPPA tenants: </strong\></div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> Parents can review, delete, manage or refuse with whom their child's information is shared through contacting us directly.</div\> or contacting us directly.</div\><br\><span id\='ftcFip'\></span\><br\><div class\='blueText'\><strong\>Fair Information Practices</strong\></div\><br /><div class\='innerText'\>The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.<br\><br\></div\><div class\='innerText'\><strong\>In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:</strong\></div\><div class\='innerText'\>We will notify the users via email</div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> Within 1 business day</div\><div class\='innerText'\>We will notify the users via in site notification</div\><div class\='innerText'\>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong\>&bull;</strong\> Within 1 business day</div\><div class\='innerText'\><br\>We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.</div\><span id\='canSpam'\></span\><br\><div class\='blueText'\><strong\>CAN SPAM Act</strong\></div\><br /><div class\='innerText'\>The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.<br\><br\></div\><div class\='innerText'\><strong\>We collect your email address in order to:</strong\></div\><div class\='innerText'\><br\><strong\>To be in accordance with CANSPAM we agree to the following:</strong\></div\><div class\='innerText'\><strong\><br\>If at any time you would like to unsubscribe from receiving future emails, you can</strong\></div\> and we will promptly remove you from <strong\>ALL</strong\> correspondence.</div\><br\><span id\='ourCon'\></span\><br\><div class\='blueText'\><strong\>Contacting Us</strong\></div\><br /><div class\='innerText'\>If there are any questions regarding this privacy policy you may contact us using the information below.<br\><br\></div\><div class\='innerText'\>funchayat.in</div\> <div class\='innerText'\></div\> <div class\='innerText'\></div\> <div class\='innerText'\></div\> <div class\='innerText'\></div\><div class\='innerText'\>help@funchayat.in</div\> <div class\='innerText'\></div\></div\>

CVE-2015-10051: Added function to prevent SQL Injection · bony2023/Discussion-Board@26439bc

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The name of the patch is 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability.

@@ -14,8 +14,9 @@ public function \_\_construct($db\_name){ function select\_single\_rna($new){  
try { $results = $this\->db\->query("SELECT \* FROM \`mirna\` WHERE Name = '$new'");  
$results = $this\->db\->prepare("SELECT \* FROM \`mirna\` WHERE Name = ?"); $results\->bindParam(1,$new); $results\->execute(); } catch(Exception $e) { echo"Could not query the database."; @@ -25,14 +26,19 @@ function select\_single\_rna($new){ return $mirnas; }  
function count\_rna($name,$tissue){ function count\_rna($name,$tissue,$onc\=''){ try { if($tissue == "all"){ $total = $this\->db\->query("SELECT count(\*) FROM mirna WHERE Name LIKE '%$name%'");  
$total = $this\->db\->prepare("SELECT count(\*) FROM mirna WHERE Name LIKE ? AND Cancer\_Effect LIKE ?"); $total\->bindValue(1,"%" . $name . "%"); $total\->bindValue(2,"%" . $onc . "%"); $total\->execute(); } else { $total = $this\->db\->query("SELECT count(\*) FROM mirna WHERE Name LIKE '%$name%' AND tissue = '$tissue'");  
$total = $this\->db\->prepare("SELECT count(\*) FROM mirna WHERE Name LIKE ? AND tissue = ? AND Cancer\_Effect LIKE ?"); $total\->bindValue(1,"%" . $name . "%"); $total\->bindParam(2,$tissue); $total\->bindValue(3,"%" . $onc . "%"); $total\->execute(); } } catch(Exception $e){ echo"Could not query the database."; @@ -42,14 +48,23 @@ function count\_rna($name,$tissue){ $total\_n = intval($arr\[0\]\["count(\*)"\]); return $total\_n; } function select\_rnas($name,$tissue,$records\_perpage\=100,$c\_p\=0){ function select\_rnas($name,$tissue,$records\_perpage\=100,$c\_p\=0,$onc\=''){ try { if($tissue == "all"){ $results = $this\->db\->query("SELECT \* FROM mirna WHERE Name LIKE '%$name%' ORDER BY databaseid ASC LIMIT $records\_perpage OFFSET $c\_p");  
$results = $this\->db\->prepare("SELECT \* FROM mirna WHERE Name LIKE ? AND Cancer\_Effect LIKE ? ORDER BY databaseid ASC LIMIT ? OFFSET ?"); $results\->bindValue(1,"%" . $name . "%"); $results\->bindValue(2,"%" . $onc . "%"); $results\->bindParam(3,$records\_perpage,PDO::PARAM\_INT); $results\->bindParam(4,$c\_p,PDO::PARAM\_INT); $results\->execute(); } else { $results = $this\->db\->query("SELECT \* FROM mirna WHERE Name LIKE '%$name%' AND tissue = '$tissue' ORDER BY databaseid ASC LIMIT $records\_perpage OFFSET $c\_p");  
$results = $this\->db\->prepare("SELECT \* FROM mirna WHERE Name LIKE ? AND tissue = ? AND Cancer\_Effect LIKE ? ORDER BY databaseid ASC LIMIT ? OFFSET ?"); $results\->bindValue(1,"%" . $name . "%"); $total\->bindParam(2,$tissue); $results\->bindValue(3,"%" . $onc . "%"); $results\->bindParam(4,$records\_perpage,PDO::PARAM\_INT); $results\->bindParam(5,$c\_p,PDO::PARAM\_INT); $results\->execute(); } } catch(Exception $e){ echo"Could not query the database.";

CVE-2015-10050: prevent sql injection · brandonfire/miRNA_Database_by_PHP_MySql@307c5d5

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability.

Permalink

main

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Go to file

*   Go to file

*   Copy path
*   Copy permalink

Hanfu-l Add files via upload

Latest commit 5e8c2c3 Jan 15, 2023

**History**

**1** contributor

**Users who have contributed to this file**

116 KB

Download

*   Open with Desktop
*   Download
*   Delete file

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

Tag

#php