#php

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php

ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.

Joomla SexyPolling version 2.1.7 suffers from a remote SQL injection vulnerability.