Tag

#php

CVE-2022-4090

A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331.

CVE-2022-4089: Reflective XSS vulnerability in Stock Management System · Issue #3 · rickxy/Stock-Management-System

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324.

CVE-2022-4088

A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability.

CVE-2022-4136

Attackers can call any existing function at will and control the target server to access, download, create and delete files, etc. Access may make the server a DoS server. Download allows an attacker to download a PHP Trojan to the server. Creating and deleting files will destroy normal services. More than ten IPs are using this service.

CVE-2022-45280: EyouCMS v1.6.0 existence stored cross-site scripting (XSS) · Issue #32 · weng-xianhu/eyoucms

A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2022-45278: jizhicms v2.3.3 has a vulnerability, SQL injection · Issue #83 · Cherry-toto/jizhicms

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

CVE-2022-45276: GitHub - Zoe0427/YJCMS

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.

CVE-2022-44120

dedecmdv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php.

CVE-2022-44118

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.

CVE-2022-43196

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.