#php

POS Codekop version 2.0 suffers from a remote shell upload vulnerability.

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

ApPHP MicroCMS version 1.0.1 re-embeds arbitrary content from the client into web pages.

ApnaTrademark CMS version 2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Allhandsmarketing CMS version 3.01 suffers from a remote SQL injection vulnerability.

Car Rental Script version 1.8 suffers from a cross site scripting vulnerability.

Allhandsmarketing LMS version 2.0 suffers from a cross site request forgery vulnerability.

Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.

Advanced HRM version 1.6 allows for the reseting of the administrative password.