Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2020-35675: Release 3.0 · bigprof-software/online-invoicing-system

BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application.

CVE
Open in Source
#csrf#vulnerability#git#php
CVE-2021-43403: Add better log filename validation. · fusionpbx/fusionpbx@57b7bf0

An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).

CVE-2022-31629: You must be logged in

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

CVE-2022-31628: You must be logged in

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

CVE-2021-41434

A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.

CVE-2022-39261: security #cve- Fix a security issue on filesystem loader (possibility… · twigphp/Twig@35f3035

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.

CVE-2022-3332: vuls/Food Ordering Management System router.php SQL Injection.pdf at main · vuls/vuls

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.

CVE-2021-41433: CVE-References/CVE-2021-41433.md at main · martinkubecka/CVE-References

SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.

CVE-2022-40878: Offensive Security’s Exploit Database Archive

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).

CVE-2022-40877: Offensive Security’s Exploit Database Archive

Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.