Tag
#php
School Dormitory Management version 1.0 suffers from a remote SQL injection vulnerability.
Travel Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Bobby Cooke and hyd3sec in August of 2020.
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 for WordPress.
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information (information disclosure).
FUDforum 3.1.1 is vulnerable to Stored XSS.
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress. Attackers must have a contributor or higher user role.
Craft CMS version 3.7.36 suffers from a password reset poisoning vulnerability. An unauthenticated attacker who knows valid email addresses or account names of Craft CMS backend users is able to manipulate the password reset functionality in a way that the registered users of the CMS receive password reset emails containing a malicious password reset link.
ChatBot Application with a Suggestion Feature version 1.0 suffers from a remote blind SQL injection vulnerability.
SQL injection vulnerability in admin/group_list.php in Piwigo v2.9.5, via the group parameter to delete.