
Tag

#php

GHSA-6x28-7h8c-chx4: Dompdf allows remote file inclusion because URI validation failure does not halt font registration

`registerFont` in `FontMetrics.php` in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a `@font-face` rule.

CVE-2022-41343: Release Dompdf 2.0.1 · dompdf/dompdf

`registerFont` in `FontMetrics.php` in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a `@font-face` rule.

CVE-2022-40113: BugReport/sql_injection3.md at main · 0clickjacking0/BugReport

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php.

CVE-2022-40114: Found a vulnerability · Issue #16 · zakee94/online-banking-system

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.

CVE-2022-40115: BugReport/sql_injection1.md at main · 0clickjacking0/BugReport

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.

CVE-2022-40116: Found a vulnerability · Issue #13 · zakee94/online-banking-system

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php.

CVE-2022-40117: BugReport/sql_injection2.md at main · 0clickjacking0/BugReport

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php.

CVE-2022-40118: BugReport/sql_injection4.md at main · 0clickjacking0/BugReport

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php.

CVE-2022-40119: Found a vulnerability · Issue #11 · zakee94/online-banking-system

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php.

CVE-2022-40120: Found a vulnerability · Issue #14 · zakee94/online-banking-system

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php.