Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Kruxton 1.0 SQL Injection

Kruxton version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#web#git#php#auth
Kruxton 1.0 Shell Upload

Kruxton version 1.0 suffers from a remote shell upload vulnerability.

WBCE 1.6.0 SQL Injection

WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.

AMPLE BILLS 0.1 SQL injection

AMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.

Moodle 3.10.1 SQL Injection

Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.

Windows Apps Vulnerable to Command Injection via “BatBadBut” Flaw

By Deeba Ahmed Critical 'BatBadBut' Flaw in Windows Lets Hackers Inject Commands (Patch Now!) This is a post from HackRead.com Read the original post: Windows Apps Vulnerable to Command Injection via “BatBadBut” Flaw

GHSA-chcp-g9j5-3xxx: Dusk plugin may allow unfettered user authentication in misconfigured installs

The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` - where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the [README](https://github.com/wintercms/wn-dusk-plugin/blob/main/README.md), this plugin should only be used in development and should *NOT* be used in a production instance. It is specifical...

GHSA-6363-v5m4-fvq3: timber/timber vulnerable to Deserialization of Untrusted Data

### Summary Timber is vulnerable to [PHAR deserialization](https://portswigger.net/web-security/deserialization/exploiting#phar-deserialization) due to a lack of checking the input before passing it into the` file_exists()` function. If an attacker can upload files of any type to the server, he can pass in the `phar://` protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when Timber is used with frameworks with documented POP chains like Wordpress/ vulnerable developer code. ### Details The vulnerability lies in the run function within the `toJpg.php` file. The two parameters passed into it are not checked or sanitized, hence an attacker could potentially inject malicious input leading to Deserialization of Untrusted Data, allowing for remote code execution: ![image](https://github.com/timber/timber/assets/89630690/bcd6d031-33c6-4cc5-96b7-b72f0cf0e26c) ### PoC Setup the following code in `/var/www/html`: `...

WordPress Playlist For Youtube 1.32 Cross Site Scripting

WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.