Tag

#php

CRM Education Akademik 9.0 Directory Traversal

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

Packet Storm

CREDITS PREVICINI CMS 1.02 Cross Site Scripting

CREDITS PREVICINI CMS version 1.02 suffers from a cross site scripting vulnerability.

Creative Commons Attribution 3.0 SQL Injection

Creative Commons Attribution version 3.0 suffers from a remote SQL injection vulnerability.

Courier Deprixa Pro Integrated Web System 3.2.5 Cross Site Request Forgery

Courier Deprixa Pro Integrated Web System version 3.2.5 suffers from a cross site request forgery vulnerability.

ConverTo Video Downloader And Converter 1.4.2 File Download

ConverTo Video Downloader and Converter version 1.4.2 suffers from a file download vulnerability.

CVE-2023-38330: Security-Bulletins — OXID eSales Dokumentation

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create an HTTP Response Splitting attack.

CVE-2023-36121: OffSec’s Exploit Database Archive

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

CVE-2023-34869: Catering System (Only $59) | PHPJabbers

PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot.

CVE-2023-36118: Faculty Evaluation System - HackMD

Cross Site Scripting vulnerability in Faculty Evaluation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.