Security
Headlines
HeadlinesLatestCVEs

Tag

#php

NetArt Media Blog LITE 2.1 Cross Site Scripting

NetArt Media Blog LITE version 2.1 suffers from a persistent cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#vulnerability#web#php#auth
Student Study Center Management System 1.0 Cross Site Scripting

Student Study Center Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

CVE-2023-3337

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.

CVE-2023-3320: WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Wordfence Intelligence

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

BBoard Forum 1.0 Cross Site Scripting

BBoard Forum version 1.0 suffers from a persistent cross site scripting vulnerability.

elearning-SES 1.0 Sql Injection

elearning-SES version 1.0 suffers from a remote SQL injection vulnerability.

GHSA-3p2q-mh7q-9pxj: Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm5g-p99q-66g4. This link is maintained to preserve external references. ### Original Description _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

CVE-2023-35840: [VD:LocalFileSystem] Security fixes, directory traversal vulnerability · Studio-42/elFinder@bb9aaa7

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

CVE-2023-3311

A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.

CVE-2023-3310

A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability.