Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-31390: [Vuln] SSRF vulnerability in `update` Function of `TemplateController.php` File when `$action` is `start-download` (2.2.5 version) · Issue #75 · Cherry-toto/jizhicms

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

CVE
Open in Source
#vulnerability#web#windows#apple#apache#js#java#php#ssrf#chrome#webkit
CVE-2022-31386: [Vuln] SSRF vulnerability in getFileBinary Function · Issue #5 · Fanli2012/nbnbk

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.

CVE-2022-29254: [CVE-2022-29254] Add extra validation on payment completion · silverstripe/silverstripe-omnipay@7dee9a1

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.

CVE-2022-24896: request #26729 Tracker report renderer and chart widgets leak informa… · Enalean/tuleap@8e99e7c

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.

CVE-2022-31325: SQL Injection vulnerability in ChurchCRM 4.4.5 via /churchcrm/WhyCameEditor.php · Issue #6005 · ChurchCRM/CRM

There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.

WordPress Download Manager 3.2.42 Cross Site Scripting

WordPress Download Manager versions 3.2.42 and below suffer from a cross site scripting vulnerability.

CVE-2022-1997: Bypass filter - Stored XSS in Resources in rosariosis

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.

CVE-2022-1686: Security Bulletin

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

CVE-2022-1692: Security Bulletin

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack

CVE-2022-1684: Security Bulletin

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin