
Tag

#php

CVE-2022-2824: User can do all actives with other's signature (view, get, create, update, delete,...) in openemr

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.

Inout SiteSearch 2.0.1 Cross Site Scripting

Inout SiteSearch version 2.0.1 suffers from a cross site scripting vulnerability.

Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure

Gigaland NFT Marketplace version 1.9 suffers from remote shell upload and ETH private key disclosure vulnerabilities.

CVE-2022-36262

An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php.

CVE-2022-2818: 2FA Bypass in Cockpit Content Platform ≤ v2.2.1 in cockpit

Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

CVE-2022-2180

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or CSRF checks, allowing an unauthenticated attacker to upload arbitrary files including PHP source files, leading to possible remote code execution (RCE).

CVE-2022-2314

The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on the site.

CVE-2022-2381

The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP, via a CSRF attack.

CVE-2022-2814

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /mkshope/login.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206401 was assigned to this vulnerability.

CVE-2022-2811

A vulnerability classified as problematic has been found in SourceCodester Guest Management System. This affects an unknown part of the file myform.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206397 was assigned to this vulnerability.