Tag

#php

CVE-2023-30122: bug_report/RCE-1.md at main · xtxxueyan/bug_report

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2017-20183

A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.

CVE-2023-30264: CVE-2023-30264

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.

CVE-2023-30264: HuBenVulList/CLTPHP6.0 Unrestricted Upload of File with Dangerous Type 2.md at main · HuBenLab/HuBenVulList

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.

CVE-2023-30268: CVE-2023-30268

CLTPHP <=6.0 is vulnerable to Improper Input Validation.

CVE-2023-2523: cve/Weaver.md at main · RCEraser/cve

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-30184: Typecho <= 1.2.0 Comments URL with Stored-XSS Vulnerability · Issue #1546 · typecho/typecho

A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.

CVE-2023-30203: bug_report/SQLi-2.md at main · debug601/bug_report

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.

Companymaps 8.0 SQL Injection

Companymaps version 8.0 suffers from a remote SQL injection vulnerability.

Companymaps 8.0 Cross Site Scripting

Companymaps version 8.0 suffers from a cross site scripting vulnerability.