Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-40447: ZZCMS2022 is vulnerable to SQL injection in "baojia_list.php" · Issue #5 · liong007/ZZCMS

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

CVE
Open in Source
#sql#vulnerability#windows#google#ubuntu#git#php#auth
CVE-2022-40446: ZZCMS2022 is vulnerable to SQL injection · Issue #4 · liong007/ZZCMS

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

CVE-2022-40443: ZZCMS absolute path information disclosure vulnerability · Issue #1 · liong007/ZZCMS

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.

CVE-2022-40444: ZZCMS management landing page Path Disclosure · Issue #2 · liong007/ZZCMS

ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.

CVE-2022-38073: Awesome Support – WordPress HelpDesk & Support Plugin

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.

CVE-2022-36386: Import any XML or CSV File to WordPress

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

CVE-2022-40028: CVE_HUNTER/2022-09-01-XSS2.md at main · xidaner/CVE_HUNTER

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.

CVE-2022-40027: CVE_HUNTER/2022-09-01-XSS1.md at main · xidaner/CVE_HUNTER

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.

CVE-2022-40026: CVE_HUNTER/2022-09-01-SQL1.md at main · xidaner/CVE_HUNTER

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.

GHSA-28r9-pq4c-wp3c: personnummer/rust vulnerable to Improper Input Validation

This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. ### Impact This vulnerability impacts users who rely on the for last digits of personnummer to be a _real_ personnummer. ### Patches The issue have been patched in all repositories. The following versions should be updated to as soon as possible: [C#](https://github.com/advisories/GHSA-qv8q-v995-72gr) 3.0.2 D 3.0.1 [Dart](https://github.com/advisories/GHSA-4xh4-v2pq-jvhm) 3.0.3 Elixir 3.0.0 [Go](https://github.com/advisories/GHSA-hv53-vf5m-8q94) 3.0.1 [Java](https://github.com/advisories/GHSA-q3vw-4jx3-rrr2) 3.3.0 [JavaScript](https://github.com/advisories/GHSA-vpgc-7h78-gx8f) 3.1.0 Kotlin 1.1.0 Lua 3.0.1 [PHP](https://github.com/advisories/GHSA-2p6g-gjp8-ggg9) 3.0.2 Perl 3.0.0 [Python](https://git...