
Tag

#php

CVE-2022-31085

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in the LAM main configuration.

CVE-2022-31082: Merge pull request from GHSA-q6m7-h6rj-5wmw · glpi-project/glpi-inventory-plugin@0b805ca

GLPI is a free asset and IT management software package that provides data center management, ITIL service desk, license tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions, SQL injection is possible through package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature.

CVE-2017-20099: Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability

A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.

WordPress Simple Page Transition 1.4.1 Cross Site Scripting

WordPress Simple Page Transition plugin version 1.4.1 suffers from a persistent cross site scripting vulnerability.

WordPress W-DALIL 2.0 Cross Site Scripting

WordPress W-DALIL plugin version 2.0 suffers from a persistent cross site scripting vulnerability.

WordPress Weblizar 8.9 Code Execution

WordPress Weblizar plugin version 8.9 suffers from a remote code execution vulnerability.

Coffee Shop Cashiering System 1.0 SQL Injection

Coffee Shop Cashiering System version 1.0 suffers from a remote time-based SQL injection vulnerability.

Library Management System With QR Code 1.0 SQL Injection

Library Management System with QR Code version 1.0 suffers from a remote SQL injection vulnerability.

Library Management System With QR Code 1.0 Cross Site Scripting

Library Management System with QR Code version 1.0 suffers from a persistent cross site scripting vulnerability.

Library Management System With QR Code 1.0 Shell Upload

Library Management System with QR Code version 1.0 suffers from a remote shell upload vulnerability.