Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-22952: sa-2023-001 - SugarCRM Support Site

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

CVE
#vulnerability#php#rce
CVE-2023-22963: GHSA-4xh4-v2pq-jvhm - GitHub Advisory Database

The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression.

CVE-2023-22959: GitHub - chenan224/webchess_sqli_poc

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).

CVE-2022-48252: Remote Code Execution via OS Command Injection

The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.

CVE-2023-22945: ⚓ T321733 action=growthmanagementorlist makes it possible for blocked users to enroll as mentors

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

CVE-2022-4382: security - Re: Linux Kernel: usb: A use-after-free Write in put_dev

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.

CVE-2023-0162: Diff [2574013:2844012] for cpo-companion/trunk – WordPress Plugin Repository

The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Microsoft: Kinsing Targets Kubernetes via Containers, PostgreSQL

The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments.