Security Headlines: Latest CVEs

Tag: #php
CVE-2022-46061: CVE/registration_ClickJacking.md at master · rdyx0/CVE

AeroCMS v0.0.1 is vulnerable to ClickJacking.

CVE-2022-4446: chore(Migration) delete obsolete migration files · tsolucio/corebos@8035e72

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.

CVE-2022-4444: Resolvido issues do XSS · ipti/br.tag@7e311be

A vulnerability classified as problematic was found in ipti br.tag. An unidentified function is affected; the manipulation leads to cross-site scripting, and the attack can be launched remotely. Upgrading to version 2.13.0 addresses this issue; the fix is commit 7e311be22d3a0a1b53e61cb987ba13d681d85f06. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215431.

Judging Management System 1.0 Shell Upload

Judging Management System version 1.0 suffers from a remote shell upload vulnerability.

Judging Management System 1.0 SQL Injection

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
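Added example, not the Judging Management System's code: a login query built by string concatenation, which is the shape that gives SQL-injection authentication bypass, beside a parameterised version. Table and column names are assumptions, and the in-memory database and its single row are constructed for the demo.

```php
<?php
// Added example (not from any listed project). Assumes a "users" table with the
// columns below; the SQLite data is constructed. Requires the pdo_sqlite extension.

function login_vulnerable(PDO $db, string $user, string $pass): ?array
{
    // The inputs become part of the SQL text, so a quote in $user rewrites the WHERE clause.
    $sql = "SELECT id, username FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

function login_hardened(PDO $db, string $user, string $pass): ?array
{
    // Placeholder: the value travels separately from the query text and can only be data.
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a password hash; the plaintext column exists only for the vulnerable demo.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Constructed in-memory database with one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password, password_hash) VALUES (:u, :p, :h)');
$ins->execute([':u' => 'admin', ':p' => 's3cret', ':h' => password_hash('s3cret', PASSWORD_DEFAULT)]);

// Classic bypass payload: closes the string literal and comments out the rest of the
// clause, so the query becomes  ... WHERE username = 'admin' -- ' AND password = '...'
$payload = "admin' -- ";

var_dump(login_vulnerable($db, $payload, 'wrong'));  // the password column is never compared
var_dump(login_hardened($db, $payload, 'wrong'));    // looks for a user literally named "admin' -- "
var_dump(login_hardened($db, 'admin', 's3cret'));    // the legitimate login path
```

The parameterised query fixes the injection on its own; the hash comparison is the second defect this kind of login code usually carries, and it is fixed at the same time because the vulnerable version only works when passwords are stored in plaintext.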

CVE-2022-45275: bug_report/RCE-1.md at main · ATKF/bug_report

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-3912

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files that can be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files, for example.

CVE-2022-3982

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP scripts, and achieve RCE.
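Added example, not code from Dynamic Transaction Queuing System, User Registration, Booking calendar or Judging Management System: the upload-handler pattern behind the shell-upload and arbitrary-file-upload entries above, beside a hardened version. The storage directory, form field name, size limit and allowed types are assumptions.

```php
<?php
// Added example (not from any listed project). Paths, field names and limits are assumptions.

// VULNERABLE: trusts the client-supplied filename and writes it into a web-served
// directory, so "evil.php" becomes reachable as /uploads/evil.php and executes.
function save_upload_vulnerable(array $file, string $uploadDir): string
{
    $dest = $uploadDir . '/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// HARDENED: extension allow-list, content sniffed with finfo, server-chosen random
// name, non-executable permissions, and a storage directory outside the document root.
function save_upload_hardened(array $file, string $storageDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }
    // Permitted extension => the only MIME type accepted for it.
    $allowed = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'pdf' => 'application/pdf'];

    // Only the last extension counts: "shell.png.php" is rejected here, and
    // "shell.php.png" is accepted only if it really is a PNG (checked below).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not permitted');
    }

    // Sniff the actual content; $file['type'] is set by the client and means nothing.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Server-generated name: no path traversal, no double extensions, no collisions.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // not executable, not world-readable
    return $name;       // hand back the token; serve the file through a download script
}

// Usage, assuming a form field named "attachment" and a directory outside the web root:
// $token = save_upload_hardened($_FILES['attachment'], '/var/app/storage');
```

Keeping uploads out of the document root matters even with the checks above: on Apache with multiple-extension handling a stored `shell.php.png` can still be run as PHP, which is why the hardened version also throws the original name away. If uploads must live under the web root, additionally disable script execution for that directory (for example `php_flag engine off` in an `.htaccess`, or a location block in nginx that never passes the path to PHP-FPM).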

CVE-2022-3359

The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
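Added example, not Phlox's code: why calling `unserialize()` on an imported file gives PHP object injection when a suitable gadget class exists, and the two ways to import safely. The gadget class, the serialised payload and the file path it writes are constructed for the demo.

```php
<?php
// Added example (not from any listed project). The class, payload and path are constructed.

// A gadget: any class already loaded on the site whose magic methods act on its own
// properties. This one writes a file from __destruct, so a serialised instance whose
// properties the attacker chose turns into an arbitrary file write when it is freed.
class CacheEntry
{
    public string $path = '/tmp/cache.txt';
    public string $data = '';

    public function __destruct()
    {
        file_put_contents($this->path, $this->data);
    }
}

// Constructed import file contents. A real payload would point $path at the web root and
// put PHP code in $data; here it writes a harmless marker so the demo is safe to run.
$maliciousImport = 'O:10:"CacheEntry":2:{s:4:"path";s:14:"/tmp/owned.txt";s:4:"data";s:5:"owned";}';

// VULNERABLE: instantiates whatever class the payload names, with the payload's properties.
function import_vulnerable(string $blob)
{
    return unserialize($blob);
}

// HARDENED: refuse to instantiate any class. Objects in the payload become
// __PHP_Incomplete_Class, whose magic methods never run, and the import is then
// rejected because it is not the plain array the feature expects.
function import_hardened(string $blob): array
{
    $data = unserialize($blob, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new RuntimeException('import must be a plain array');
    }
    return $data;
}

// Better still for a new import format: a data-only encoding that cannot name classes.
function import_json(string $blob): array
{
    return json_decode($blob, true, 512, JSON_THROW_ON_ERROR);
}

$obj = import_vulnerable($maliciousImport); // a live CacheEntry with attacker-chosen fields
unset($obj);                                 // __destruct fires here and writes /tmp/owned.txt

try {
    import_hardened($maliciousImport);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";            // the same payload is refused
}
```

`allowed_classes` exists since PHP 7.0; passing an explicit list of class names instead of `false` is acceptable only if none of those classes (or anything they hold) has exploitable magic methods, which is hard to guarantee on a site with many plugins, so the JSON route is the safer default for import features.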

CVE-2022-3881

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org.
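Added example, not the WP Tools plugin's code: an admin-ajax handler of the shape behind this entry, beside one that verifies a nonce and the capability that actually matches the operation. The action names, nonce name, script handle and the `demo_install_and_activate` helper are assumptions; the WordPress functions it calls are the real WordPress API.

```php
<?php
// Added example (not from any listed project). Action, nonce and handle names are assumptions.

// Assumed helper built on WordPress's own upgrader API: fetch plugin metadata from
// wordpress.org, install the package and activate it. This is the privileged work that
// the handlers below must gate.
function demo_install_and_activate(string $slug): void
{
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    $api = plugins_api('plugin_information', ['slug' => $slug, 'fields' => ['sections' => false]]);
    if (is_wp_error($api)) {
        wp_send_json_error($api->get_error_message(), 400);
    }
    $upgrader = new Plugin_Upgrader(new WP_Ajax_Upgrader_Skin());
    $result   = $upgrader->install($api->download_link);
    if (is_wp_error($result) || !$result) {
        wp_send_json_error('install failed', 500);
    }
    $err = activate_plugin($upgrader->plugin_info());
    if (is_wp_error($err)) {
        wp_send_json_error($err->get_error_message(), 500);
    }
}

// VULNERABLE: wp_ajax_* handlers run for ANY logged-in user. Nothing asks what the
// caller is allowed to do or whether the request was deliberate, so a subscriber can
// call it directly, and a cross-site form can call it with a logged-in admin's cookies.
add_action('wp_ajax_demo_install_plugin', function () {
    $slug = sanitize_key($_POST['slug'] ?? '');
    demo_install_and_activate($slug);
    wp_send_json_success();
});

// HARDENED: CSRF token bound to this action, then an authorisation check against the
// capabilities the operation needs, not merely "is logged in".
add_action('wp_ajax_demo_install_plugin_safe', function () {
    check_ajax_referer('demo_install_plugin', 'nonce'); // dies with 403 on a missing or bad nonce
    if (!current_user_can('install_plugins') || !current_user_can('activate_plugins')) {
        wp_send_json_error('insufficient privileges', 403);
    }
    $slug = sanitize_key($_POST['slug'] ?? '');
    if ($slug === '') {
        wp_send_json_error('missing slug', 400);
    }
    demo_install_and_activate($slug);
    wp_send_json_success();
});

// The nonce the admin page hands to its script, which later POSTs
// {action: 'demo_install_plugin_safe', nonce: demoAjax.nonce, slug: ...} to admin-ajax.php.
add_action('admin_enqueue_scripts', function () {
    wp_localize_script('demo-admin', 'demoAjax', [
        'nonce' => wp_create_nonce('demo_install_plugin'),
    ]);
});
```

The nonce and the capability check address different problems and both are needed: the nonce stops a third-party page from riding a privileged user's session (CSRF), and the capability check stops a low-privileged account from calling the action itself. A nonce alone would still let a subscriber install plugins, because subscribers can obtain their own valid nonces.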