Security
Headlines
HeadlinesLatestCVEs

Tag

#php

MVC Shop 0.5 Directory Traversal

MVC Shop version 0.5 suffers from a directory traversal vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#google#git#php#auth#firefox
PHP Live 3.1 Cross Site Scripting

PHP Live version 3.1 suffers from a cross site scripting vulnerability.

Acelle Email Marketing 4.0.25 Arbitrary File Upload

Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.

CVE-2023-3183: bugReport/XSS.md at main · wenwochunfeng/bugReport

A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163.

CVE-2023-2286: Settings.php in wp-security-audit-log/trunk/classes/Views – WordPress Plugin Repository

The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-3184

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-231164.

CVE-2023-3177: cvv/Lost and Found Information System - multiple vulnerabilities.md at main · AnotherN/cvv

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.

CVE-2023-3176

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.

CVE-2023-2688: Diff [2909107:2915978] for wp-file-upload/trunk – WordPress Plugin Repository

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.

CVE-2023-2557: Changeset 2911049 for currency-switcher – WordPress Plugin Repository

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.