Security
Headlines
HeadlinesLatestCVEs

Tag

#php

MiniDVBLinux 5.4 SVDRP Control

MiniDVBLinux versions 5.4 and below allows the usage of the SVDRP protocol/commands to be sent by a remote attacker to manipulate and/or remotely control the TV.

Packet Storm
Open in Source
#vulnerability#web#linux#git#php
CVE-2022-3546: Stored-xss-/Poc at main · thehackingverse/Stored-xss-

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.

CVE-2022-3547: POCs/POC at main · lakshaya0557/POCs

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-211047.

CVE-2022-41416: bug_report/SQLi-1.md at main · ouoer/bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php.

CVE-2022-41477: CVE_Request/WeBid_Path_Traversal.md at master · zer0yu/CVE_Request

A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.

CVE-2022-42232: bug_report/SQLi-1.md at main · debug601/bug_report

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage.

CVE-2022-42069: Online Birth Certificate Management System in PHP Free Download

Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability.

CVE-2022-42064: Online Diagnostic Lab Management System 1.0 SQL Injection

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.

CVE-2022-42066: Online Examination System 1.0 Cross Site Scripting ≈ Packet Storm

Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.