Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-43326: mooSocial - PHP Social Networking Software

mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#android#apache#redis#git#php
CVE-2023-43457: CVE-2023-43457 - Broken Access Control (BAC)

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.

CVE-2023-43132: test

szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password.

CVE-2023-43458: Resort Reservation System in PHP and SQLite3 Source Code Free Download

Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function.

CVE-2023-39640: [CVE-2023-39640] Improper neutralization of SQL parameter in Cookie Law - Banner + Cookie blocker module for PrestaShop

UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().

CVE-2023-43456: CVE-2023-43456 - Stored Cross-Site Scripting (XSS)

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.

OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation

OPNsense versions 23.1.11_1, 23.7.3, and 23.7.4 suffer from cross site scripting vulnerabilities that can allow for privilege escalation.

LogoBee CMS 0.2 Cross Site Scripting

LogoBee CMS version 0.2 suffers from a cross site scripting vulnerability.

CVE-2023-5154: cve/D-LINK-DAR-8000-10_upload_ changelogo.md at main · llixixi/cve

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE-2023-5153: cve/D-LINK-DAR-8000-10_sql_ querysql.md at main · llixixi/cve

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.