Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-43162: bug_report/SQLi-1.md at main · zys20201225/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php.

CVE
Open in Source
#sql#vulnerability#windows#php#auth#firefox
CVE-2022-43142: BugReport/XssBug.md at main · TongJinBo/BugReport

A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

TrojanOrders Attack Hits Magento and Adobe Stores

By Deeba Ahmed According to researchers, at least seven magecart groups are targeting Magento 2 websites in TrojanOrders attacks. This is a post from HackRead.com Read the original post: TrojanOrders Attack Hits Magento and Adobe Stores

CVE-2022-44403: bug_report/SQLi-1.md at main · acvxd/bug_report

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=.

CVE-2022-44402: bug_report/SQLi-2.md at main · acvxd/bug_report

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction.

CVE-2022-4051: SQL injection vulnerability exists in Hostel searching project · Issue #1 · itzmehedi/Hostel-searching-project-using-PHP-Mysql

A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844.

CVE-2022-4052

A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability.

CVE-2022-4053: Student Attendance Management System has a storage XSS vulnerability · Issue #3 · rickxy/Student-Attendance-Management-System

A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability.

CVE-2022-43138: Offensive Security’s Exploit Database Archive

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.

CVE-2022-44384: Offensive Security’s Exploit Database Archive

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.