Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-47866: CVE/sql in removeBrand.php.md at main · xiumulty/CVE

Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

CVE
#sql#git#php
CVE-2022-47865: CVE/sql in removeOrder.php.md at main · xiumulty/CVE

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.

CVE-2018-25073: Release 1.2.7 · Newcomer1989/TSN-Ranksystem

A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability.

CVE-2023-22952: sa-2023-001 - SugarCRM Support Site

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

CVE-2023-22963: GHSA-4xh4-v2pq-jvhm - GitHub Advisory Database

The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression.

CVE-2023-22959: GitHub - chenan224/webchess_sqli_poc

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).

CVE-2022-48252: Remote Code Execution via OS Command Injection

The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.

CVE-2023-22945: ⚓ T321733 action=growthmanagementorlist makes it possible for blocked users to enroll as mentors

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

CVE-2022-4382: security - Re: Linux Kernel: usb: A use-after-free Write in put_dev

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.