#php

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user's password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device's system security.

User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.

Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.

Early versions of `amphp/http-client` with HTTP/2 support (v4.0.0-rc10 to 4.0.0) will collect HTTP/2 `CONTINUATION` frames in an unbounded buffer and will not check the header size limit until it has received the `END_HEADERS` flag, resulting in an OOM crash. Later versions of `amphp/http-client` (v4.1.0-rc1 and up) depend on `amphp/http` for HTTP/2 processing and will therefore need an updated version of `amphp/http`, see [GHSA-qjfw-cvjf-f4fm](https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm). ## Acknowledgements Thank you to [Bartek Nowotarski](https://nowotarski.info/) for reporting the vulnerability.

`amphp/http` will collect HTTP/2 `CONTINUATION` frames in an unbounded buffer and will not check the header size limit until it has received the `END_HEADERS` flag, resulting in an OOM crash. `amphp/http-client` and `amphp/http-server` are indirectly affected if they're used with an unpatched version of `amphp/http`. Early versions of `amphp/http-client` with HTTP/2 support (v4.0.0-rc10 to 4.0.0) are also directly affected. ## Acknowledgements Thank you to [Bartek Nowotarski](https://nowotarski.info/) for reporting the vulnerability.

Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.

Computer Laboratory Management System version 1.0 suffers from a persistent cross site scripting vulnerability.