Security Headlines

Tag: #php

CVE-2021-41434

A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.

CVE-2022-39261: security #cve- Fix a security issue on filesystem loader (possibility… · twigphp/Twig@35f3035

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.

CVE-2022-3332: vuls/Food Ordering Management System router.php SQL Injection.pdf at main · vuls/vuls

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.

CVE-2021-41433: CVE-References/CVE-2021-41433.md at main · martinkubecka/CVE-References

SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.

CVE-2022-40878: Offensive Security’s Exploit Database Archive

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).

CVE-2022-40877: Offensive Security’s Exploit Database Archive

Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.

CVE-2022-40354: Bug_report/SQLi-3.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.

CVE-2022-40353: Bug_report/SQLi-2.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.

CVE-2022-40352: Bug_report/SQLi-1.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.

Online Birth Certificate Management System 1.0 Cross Site Scripting

Online Birth Certificate Management System version 1.0 suffers from a cross site scripting vulnerability.