Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Bangresta 1.0 SQL Injection

Bangresta version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#git#php#auth#sap
GHSA-jw6x-4h8h-569x: Roots Soil plugin vulnerable to Cross-site Scripting

A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.

CVE-2022-4524: 🔒️ XSS fix on `language_attributes` (#285) · roots/soil@0c9151e

A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.

CVE-2022-4514

A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability.

CVE-2020-20588: There is a Arbitrary File Upload vulnerability that can upload a php file and be executed. · Issue #13 · zhimengzhe/iBarn

File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.

CVE-2020-21219: Prevent ACME output from being interpreted as HTML. Fixes #9888 · pfsense/FreeBSD-ports@a6f443c

Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.

CVE-2021-39426: SeaCMS (2021-08-18) is a vulnerability that can cause rce · Issue #21 · seacms-com/seacms

An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.

CVE-2021-39427: 188Jianzhan V 2.10 XSS vulnerability exists · Issue #4 · vtime-tech/188Jianzhan

Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.

CVE-2021-39428: There is a vulnerability in eyuCMS v1.5.4 could cause Cross site Scripting(XSS) · Issue #14 · weng-xianhu/eyoucms

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.

CVE-2022-44235: VoIP simpliclty of Zed-3 is vulnerable to Cross Site Scripting (XSS) · Issue #1 · liong007/Zed-3

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS).