Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-30423: bug_report/RCE-1.md at main · ffYYy6x0y1/bug_report

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.

CVE
Open in Source
#vulnerability#windows#php#auth#firefox
CVE-2022-30352: SQL injection in phpABook

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.

CVE-2022-30817: bug_report/SQLi-1.md at main · k0xx11/bug_report

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.

CVE-2022-29725: There is a file upload vulnerability in the background settings page · Issue #161 · Creatiwity/wityCMS

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-30814: bug_report/SQLi-5.md at main · k0xx11/bug_report

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

CVE-2022-30816: bug_report/SQLi-6.md at main · k0xx11/bug_report

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.

CVE-2022-30810: bug_report/SQLi-2.md at main · k0xx11/bug_report

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.

CVE-2022-30813: bug_report/SQLi-3.md at main · k0xx11/bug_report

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.

CVE-2022-30809: bug_report/SQLi-1.md at main · k0xx11/bug_report

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.

CVE-2022-30815: bug_report/SQLi-4.md at main · k0xx11/bug_report

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=