Tag
#php
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
A vulnerability has been found in EmbedPress Plugin and classified as problematic. Affected by this vulnerability is an unknown functionality of the file post.php of the component Shortcode Handler. The manipulation leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212503.
Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.
Train Scheduler App version 1.0 suffers from an insecure direct object reference vulnerability.
Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.
A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500.
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.
phpMyFAQ prior to version 3.1.8 is vulnerable to reflected cross-site scripting.
phpMyFAQ prior to version 3.1.8 is vulnerable to stored cross-site scripting.
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.