#php

A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.

Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.

Gila CMS version 1.10.9 suffers from a remote code execution vulnerability.

DANGEROUS MAILER-CLONED version 2.0 suffers from an information leakage vulnerability.

DaillyTools suffers from a remote command execution vulnerability.

CakePHP Test Suite version 2.7.0 suffers from a cross site scripting vulnerability.

Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a local file inclusion vulnerability.

AGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

### Impact Servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. ### Patches This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch ### Workarounds We recommend upgrading the oauth2-server to the latest version. If you are unable to upgrade you can avoid this security issue by passing your key as a file instead of a string. ### References [Pull request](https://github.com/thephpleague/oauth2-server/pull/1353) for the applied fix.