Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-44973: emlog/Template-getshell.md at main · yangliukk/emlog

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE
Open in Source
#vulnerability#git#php
CVE-2023-39645: [CVE-2023-39645] Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop

Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability via the component /tvcmspaymenticon/ajax.php?action=update_position&recordsArray.

WordPress Contact Form Generator 2.5.5 Cross Site Scripting

WordPress Contact Form Generator plugin version 2.5.5 suffers from a cross site scripting vulnerability.

WordPress KiviCare 3.2.0 Cross Site Scripting

WordPress KiviCard plugin version 3.2.0 suffers from a cross site scripting vulnerability.

Apple Security Advisory 09-26-2023-6

Apple Security Advisory 09-26-2023-6 - Xcode 15 addresses memory disclosure, privilege escalation, and credential access vulnerabilities.

CVE-2023-4882: Multiple Vulnerabilities Open5gs | INCIBE-CERT

DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.

CVE-2023-2544: Authorization Bypass Upv Peix | INCIBE-CERT

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.

CVE-2023-43980: [CVE-2023-43980] Improper neutralization of SQL parameter in Presto Changeo - Test Site Creator module for PrestaShop

Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

CVE-2023-43835: Super Store Finder 3.7 Remote Command Execution ≈ Packet Storm

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.