#php

Dolphin version 7.4.2 suffers from a remote blind SQL injection vulnerability.

e107 version 2.3.3 suffers from a cross site scripting vulnerability.

Codeprojects E-Commerce version 1.0 suffers from an ignored default credential vulnerability.

Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Best Courier Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Appointment Scheduler version 4.0 suffers from an insecure direct object reference vulnerability.

### Impact Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF) Affected products: * Icinga Web (>=2.12.0) * Icinga DB Web (>=1.0.0) * Icinga Notifications Web (>=0.1.0) * Icinga Web JIRA Integration (>=1.3.0) All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. ### Patches Version 0.10.1 will include a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

Tourism Management System version 2.0 suffers from a cross site scripting vulnerability.

Computer Laboratory Management System version 1.0 suffers from an incorrect access control that allows for privilege escalation.

Leads Manager Tool suffers from remote SQL injection and cross site scripting vulnerabilities.