Tag
#php
A reflected cross-site scripting (XSS) vulnerability in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload in the facid parameter.
Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP…
Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
FreePBX suffers from a remote code execution vulnerability. Versions 14, 15, and 16 are all affected.
appRain CMF version 4.0.5 suffers from a remote shell upload vulnerability.
CMSimple version 5.15 suffers from a remote shell upload vulnerability.
Monstra CMS version 3.0.4 suffers from a remote code execution vulnerability. Original discovery of code execution in this version is attributed to Ishaq Mohammed in December of 2017.
Dotclear version 2.29 suffers from a remote code execution vulnerability.
WBCE CMS version 1.6.2 suffers from a remote code execution vulnerability.
Serendipity version 2.5.0 suffers from a remote code execution vulnerability.