#php

Online Bus Ticketing version 1.0 suffers from an insecure direct object reference vulnerability.

Online Appointment System version 1.0 suffers from an ignored default credential vulnerability.

Multi-Vendor Online Groceries Management System version 1.0 suffers from an ignored default credential vulnerability.

`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.

A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

MSMS-PHP version 1.0 suffers from an ignored default credential vulnerability.

Laundry Management System version 1.0 suffers from a remote file inclusion vulnerability.

File Management System version 1.0 suffers from an arbitrary file upload vulnerability.

SPIP version 4.2.2 suffers from a code execution vulnerability.