#php

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.

Seo Panel version 4.7.0 suffers from a cross site scripting vulnerability.

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.