Security
Headlines
HeadlinesLatestCVEs

Tag

#php

WordPress Kero jQuery/HTML Dashboard PRO 2.3.86 SQL Injection

WordPress Kero jQuery/HTML Dashboard PRO theme version 2.3.86 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
Open in Source
#sql#vulnerability#windows#google#wordpress#php#auth#firefox
NetArt Media Blog LITE 2.1 Cross Site Scripting

NetArt Media Blog LITE version 2.1 suffers from a persistent cross site scripting vulnerability.

Student Study Center Management System 1.0 Cross Site Scripting

Student Study Center Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

CVE-2023-3337

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.

CVE-2023-3320: WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Wordfence Intelligence

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

BBoard Forum 1.0 Cross Site Scripting

BBoard Forum version 1.0 suffers from a persistent cross site scripting vulnerability.

elearning-SES 1.0 Sql Injection

elearning-SES version 1.0 suffers from a remote SQL injection vulnerability.

GHSA-3p2q-mh7q-9pxj: Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm5g-p99q-66g4. This link is maintained to preserve external references. ### Original Description _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

CVE-2023-35840: [VD:LocalFileSystem] Security fixes, directory traversal vulnerability · Studio-42/elFinder@bb9aaa7

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

CVE-2023-3311

A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.