#php

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

Blog Site version 1.0 suffers from a remote SQL injection vulnerability.

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.

Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.

Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.

### Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. An attacker can upload a PHP web shell that executes OS commands on the server, compromising the application server. Note: I am using the docker-compose.yaml file from https://github.com/Admidio/admidio/blob/master/README-Docker.md#docker-compose-usage official documentation. ### Impact: An attacker can exploit this flaw to upload a PHP web shell, which can be used to execute arbitrary commands on the server. This can lead to a complete compromise of the application server, allowing the attacker to: - E...

### Description: An SQL Injection has been identified in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. I successfully exploited SQL Injections by causing Time Delays. Advancing the payload, I was able to exfiltrate data from the database based on trial and error conditions and step-wise enumerating the characters of the database name. This was done as a POC of SQL Injection. An attacker could simply drop the database by providing a single payload, steal data, and potentially update the database according to their will. ### Impact: SQL injection (SQLi) vulnerabilities can have serious c...

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used to