Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-43078: CVE_Hunter/XSS-2.md at main · Tr0e/CVE_Hunter

A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#php#auth#chrome#webkit
CVE-2022-43079: CVE_Hunter/XSS-3.md at main · Tr0e/CVE_Hunter

A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

CVE-2022-3789: GitHub - whiex/-Tim-Campus-Confession-Wall: Tim Campus Confession Wall

A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611.

CVE-2022-3790

A vulnerability was found in Flipbook Plugin and classified as problematic. Affected by this issue is some unknown functionality of the file post.php of the component Edit Post Handler. The manipulation of the argument Shortcode leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212612.

Last Years Open Source - Tomorrow's Vulnerabilities

Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: "given enough eyeballs, all bugs are shallow." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and everyone to fix bugs, it's pretty safe. But is it? Or is the saying "all bugs are shallow" only true for

CVE-2022-43355: bug_report/SQLi-3.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service.

CVE-2022-43354: bug_report/SQLi-2.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request.

CVE-2022-43353: bug_report/SQLi-1.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.

CVE-2022-40296: Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

CVE-2022-40295: Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.