Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-43228: bug_report/SQLi-1.md at main · HKD01l/bug_report

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php.

CVE
Open in Source
#sql#vulnerability#windows#php#auth#firefox
CVE-2022-43229: bug_report/SQLi-2.md at main · HKD01l/bug_report

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.

CVE-2022-43232: bug_report/SQLi-2.md at main · HKD01l/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.

CVE-2022-43231: bug_report/RCE-1.md at main · HKD01l/bug_report

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-43233: bug_report/SQLi-1.md at main · HKD01l/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php.

CVE-2022-43230: bug_report/SQLi-1.md at main · HKD01l/bug_report

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.

CVE-2022-2864: Changeset 2772352 for demon-image-annotation – WordPress Plugin Repository

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-43170: Stored Cross Site Scripting Vulnerability on "Dashboard Configuration" in rukovoditel 3.2.1 · Issue #6 · anhdq201/rukovoditel

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block".

CVE-2022-43169: Stored Cross Site Scripting Vulnerability on "Users Access Groups" in rukovoditel 3.2.1 · Issue #3 · anhdq201/rukovoditel

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group".

CVE-2022-43165: Stored Cross Site Scripting Vulnerability on "Global Variables" in rukovoditel 3.2.1 · Issue #5 · anhdq201/rukovoditel

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create".