Tag

#php

CVE-2023-3382: CVEReport/XSS3.md at main · M9KJ-TEAM/CVEReport

A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability.

CVE-2023-30347: CVE-2023-30347/poc.txt at main · huzefa2212/CVE-2023-30347

Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search.

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via the manage file functionality.

CVE-2023-2991: Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the hard drive that Globalscape is installed on can be remotely determined via a "trial extension request" message.

CVE-2023-36239: Allocation size overflow in parseSWF_DEFINEFONTINFO() at parser.c:1948 · Issue #273 · libming/libming

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

ACJWEB DESIGNER 1.0 SQL Injection

ACJWEB DESIGNER version 1.0 suffers from a remote SQL injection vulnerability.

GHSA-q2fp-jw87-86px: laravel-s vulnerable to Local File Inclusion

laravel-s prior to 3.7.36 is vulnerable to Local File Inclusion via `/src/Illuminate/Laravel.php`.

CVE-2023-33387: TÜV Rheinland – Discovered Vulnerabilities

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.

CVE-2023-29931: Local File Inclusion (LFI) vulnerability · Issue #437 · hhxsv5/laravel-s

laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.