Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-36136: ChurchCRM Version 4.4.5 — Stored XSS Vulnerability at Deposit Commend

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.

CVE
Open in Source
#xss#vulnerability#google#git#php#chrome
CVE-2022-45307: Vuln/php-weak-permission-vuln.md at main · ycdxsb/Vuln

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.

CVE-2022-45214: CVE/CVE-2022-45214.txt at main · Rajeshwar40/CVE

A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.

CVE-2022-45223: Web-Based Student Clearance System in PHP Free Source Code v1.0 — Unrestricted input leads to xss

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.

GHSA-3fgr-xjr6-xqm8: code injection in phpxmlrpc/phpxmlrpc

code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url.

CVE-2022-4169: Vulnerability Advisories Continued - Wordfence

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.

CVE-2022-44399: bug_report/SQLi-1.md at main · tavenli/bug_report

Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.

vBulletin 5.5.2 PHP Object Injection

vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.

Red Hat Security Advisory 2022-8650-01

Red Hat Security Advisory 2022-8650-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

CVE-2022-44401: bug_report/RCE-1.md at main · lcg-22266/bug_report

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.