PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.

 Verified

 Fixed

**4.1**

CVSS 3.1 score Medium severity

Monitoring Coming soon

PSID 

ea831109a8b0

Classification 

PHP Object Injection

OWASP Top 10 

A1: Injection

Required privilege 

Requires shop manager (plugin specific custom user role) or higher role user authentication.

Publicly disclosed

2022-08-10

**Details**

PHP Object Injection vulnerability was discovered by Robert Rowley (Patchstack) in the WordPress Easy Digital Downloads plugin (versions <= 3.0.1).

**Solution**

Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0.2).

**References**

Vulnerability details

CVE-2022-33900: WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability - Patchstack

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.

Skip to content

Advanced Custom Fields and Advanced Custom Fields Pro have 2+ million installs according to wordpress.org. Versions older than 5.12.3 allow unauthenticated users to upload arbitrary files if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.

Fortunately by default WordPress does not allow uploading of .php files so this vulnerability is not easily wormable, but there are many other file types that can be uploaded that can be then used with another exploit to execute code or used in a phishing attack to get a user to download and execute a resource from a “trusted” site.

No exploit code is being released at this time.

**Timeline**

*   7/11/2022 Contacted developer
*   7/12/2022 Disclosed vulnerability
*   7/13/2022 Patch received from developer for testing
*   7/14/2022 Fix deployed to GitHub and pushed to wordpress.org plugin repository

CVE-2022-2594: Advanced Custom Fields < 5.12.3 can allow unauthenticated users to upload arbitrary files - Pritect Network

The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

**Exploit Title: WordPress Plugin Duplicator <= 1.4.7 - Unauthenticated System Information Disclosure**

    # Exploit Title: WordPress Plugin Duplicator <= 1.4.7 - Unauthenticated System Information Disclosure
    # Google Dork: N/A
    # Date: 07.27.2022
    # Exploit Author: SecuriTrust
    # Vendor Homepage: https://snapcreek.com/
    # Software Link: https://wordpress.org/plugins/duplicator/
    # Version: <= 1.4.7
    # Tested on: Linux, Windows
    # CVE : CVE-2022-2552
    # Reference: https://securitrust.fr
    # Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2552
    
    #Product:
    WordPress Plugin Duplicator <= 1.4.7
    
    #Vulnerability:
    1-Some system information may be disclosure.
    
    #Proof-Of-Concept:
    1-System information.
    Some system information is obtained using the "view" parameter.
    http://[PATH]/backups-dup-lite/dup-installer/main.installer.php

CVE-2022-2552: CVEsLab/CVE-2022-2552 at main · SecuriTrust/CVEsLab

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.

CVE-2022-2362

The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack.

CVE-2022-2172: Diff [2750802:2754739] for linkworth-wp-plugin – WordPress Plugin Repository

The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-2407

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

WP OAuth Server plugin turns your WordPress site into an OAuth Server. It allows you to login into Rocket Chat, Invision Community, WordPress, Odoo, EasyGenerator, Salesforce, Zapier, Moodle, Edunext, Wickr, Freshdesk, FreshWorks, ServiceNow, Knack database, Circlo.so, Tribe.so, Tribe, Mobilize, Nextcloud, Church Online, iSpring LMS, Nextcloud, Academy of Mine, BoardEffect, TalentLMS, PowerSchool and any other OAuth 2.0 compliant applications using WordPress credentials.

Basically, the OAuth Server plugin allows users to login into applications that are OAuth 2.0 compliant, using their WordPress login credentials. As it’s name suggests, it follows the OAuth 2.0 protocol. Along with that, it also supports OpenID Connect (OIDC), and JWT protocols.

The primary goal of the OAuth Server plugin is to enable Single Sign On so that users do not need to remember username and password for each application.  
Once Single Sign On is enabled, users do not need to store sensitive information to login into different applications.

**LIST OF POPULAR OAUTH CLIENTS SUPPORTED**

*   Rocket.Chat
*   Invision Community (IPB Forum)
*   Odoo
*   WordPress
*   EasyGenerator
*   Salesforce
*   Zapier
*   Moodle
*   Edunext
*   Wickr
*   Freshdesk
*   FreshWorks
*   ServiceNow
*   Knack database
*   Circle.so
*   Tribe.so
*   Mobilize
*   Nextcloud
*   iSpring LMS
*   Church Online
*   Academy of Mine
*   BoardEffect

**WORDPRESS OAUTH / OPENID CONNECT SERVER USE CASES**

*   If you want to use your WordPress site as an Identity Server / OAuth Server / OAuth Provider and use WordPress user’s login credentials to login into your client site / application then you can use this plugin. You can also decide what kind of User data / attributes you want to send while Single Sign On into your client site / application.
*   If you want to login to your Mobile app / Single Page web app (SPA) using your WordPress credentials, then you can use the Authorization code with PKCE flow grant type to achieve your use case.
*   Single set of credentials will be used to login to multiple WordPress websites.
*   You can access the NIGINX resources using NIGINX Authentication. Once you login into your client application using WP OAuth Server credentials, you will get JWT. Your client application can further use it for NGINX Authentication.

**WORDPRESS OAUTH / OPENID CONNECT SERVER FREE VERSION FEATURES**

*   Supports Login with WordPress for Single Client application
*   Protocol Support – OAuth 2.0, OpenID Connect (OIDC)
*   Master Switch – Block / unblock OAuth API calls between OAuth Clients and Server
*   Token Length – Change the access token length
*   Server Response – Sends User ID, username, email, first name, last name, display name in the response
*   Grant types Supported – Authorization Code grant
*   OAuth API Documentation
*   Setup guides to configure the plugin with various OAuth Clients (more coming soon)

**WORDPRESS OAUTH / OPENID CONNECT SERVER PREMIUM VERSION FEATURES**

*   All FREE version features
*   Supports Login with WordPress for Multiple Client applications
*   Server Response – Sends all the profile attributes along with roles, allows to send custom attributes from usermeta table and also customize the attribute names that need to be sent in server response
*   Grant Types Supported : Authorization Code Grant, Implicit Grant, Password Grant, Client Credentials Grant, Refresh Token Grant, Authorization Code grant with PKCE flow
*   Token Lifetime – Configure the access token and refresh token expiry time
*   Enforce State Parameter – Based on client configuration, you can enable or disable state parameter
*   Authorize / Consent prompt – Enable / disable the consent screen
*   Redirect/Callback URI Validation – Enable / disable this feature, based on dynamic redirect to a different pages for certain conditions
*   Multi-Site Support – Use the plugin in WordPress Multisite network environment
*   JWT Signing Algorithm – Supports signing algorithms HSA and RSA
*   Additional endpoints – Provides OpenID Connect Discovery endpoint, Introspection endpoint, OpenID Connect Single logout endpoint  
    A grant is a method of acquiring an access token. Deciding which grants to implement depends on the type of client the end user will be using, and the experience you want for your users.

**WE SUPPORT FOLLOWING GRANTS:**

*   **Authorization code grant** : This code grant is used when there is a need to access the protected resources on behalf of the user on another third party application.
*   **Implicit grant** : This grant relies on resource owner and registration of redirect uri. In authorization code grant users need to ask for authorization and access token each time, but here access token is granted for a particular redirect uri provided by a client using a particular browser.
*   **Client credential grant** : This grant type heads towards specific clients, where access token is obtained by client by only providing client credentials. This grant type is quite confidential.
*   **Resource owner password credentials grant** : This type of grant is used where the resource owner has a trust relationship with the client. Just by using username and password, provided by resource owner authorization and authentication can be achieved.
*   **Refresh token grant** : Access tokens obtained in OAuth flow eventually expire. In this grant type client can refresh his or her access token.
*   **Authorization code grant with PKCE flow** : This grant type is used for public clients like mobile and native apps, Single Page web apps, where there is a risk of client secret being compromised.

**REST API AUTHENTICATION**

Rest API is very much open to interact. Creating posts, getting information of users and much more is readily available.  
It secures unauthorized access to your WordPress sites/pages using our WordPress REST API Authentication plugin .

**From your WordPress dashboard**

1.  Visit Plugins > Add New
2.  Search for OAuth 2.0 server. Find and Install OAuth 2.0 server
3.  Activate the plugin from your Plugins page

**From WordPress.org**

1.  Download OAuth 2.0 server.
2.  Unzip and upload the miniorange-oauth-login directory to your /wp-content/plugins/ directory.
3.  Activate miniOrange OAuth from your Plugins page.

**I need to customize the plugin or I need support and help?**

Please email us at info@xecurify.com or Contact us. You can also submit your query from plugin’s configuration page.

Initial setup was giving my team some issues and we were able to get walked through a drupal to wordpress sso setup with the team at miniorange.

The plugin works without problems, and our Wordpress site's login is now working smooth. Very helpful and capable Support, who has answered in a fast manner. They get directly to the point and answer the questions with rich answers that makes even a (in the context of SSO) less experienced user understand what is happening.

The free version of this plugin worked great for my use case. I had some issues initially that ended up being on the side of my hosting provider, but the support I received by the developers of this plugin was well beyond what I would have expected.

I tried this plugin to link Wordpress with Invision Community (IPS). According to the docs at Invision, there are 2 ways to do this. I chose the first one linking IPS to WP as the server as opposed to IPS acting as the server. My review is based on this experience but I'll try the other way too. It quick and easy to set up, and clearly there's a large amount of work gone into it, but once I'd got the connection configured, that's when I found that the logins expire after just 600 seconds, that's just 10 minutes! According to the support section, it says this is fixed at 3600 seconds, unless you upgrade to the pro. But 10 mins isn't an hour, which would be okay at minimum for a WP site member to browse and compose a comment or review on Gallery images, post in a forum etc in Invision Community forming part of the same site. Secondly, probably 90%+ of this plugin is locked down and almost everything seems to say you need to upgrade to pro. Instead of 7 tabs full of settings and options you can't use, why not create a simpler lite version with a non-intrusive ad for the pro version benefits? If you want a simple Single Sign On OAUTH solution to link your WP user accounts to your IPS accounts and sync basic profile info for the convenience of your visitors but then forget about it, it will do the job but as crippled as it is, this probably isn't what you are looking for, unless you want the pro support and anything beyond the bare minimum.

We were very impressed with the level of support given by the miniorange team. During our development we ran into a few problems due to other plugins and our custom application, which caused problems for logout. However, the miniorange team was great they were quick to respond to our questions and even attended a zoom session with us to help track down the problem. Definitely one of the best plugin authors for support. I've worked with many and these guys are second to none.

We ended up not buying the plugin but we have to admit the pre-sales support was stellar including pro-actively reaching us to help configure it.

Read all 27 reviews

“WP OAuth Server ( Login with WordPress )” is open source software. The following people have contributed to this plugin.

Contributors

**4.0.1**

*   Vulnerability fixes
*   Code improvements

**3.0.4**

*   Token Post Response header already sent warning fix

**3.0.3**

*   Database Query Optimization

**3.0.2**

*   CORS issue fix
*   Added trial option of the premium
*   Licensing page changes

**3.0.1**

*   Added compatibility with WP 5.9
*   Improved performance of website by setting autoload to false

**3.0.0**

*   Support for email attribute in the userinfo endpoint
*   Link to the OAuth API documention
*   Client specific UI improvements

**2.13.8**

*   Security Fixes

**2.13.7**

*   UI improvement – Copy button for endpoints and client credentials
*   Bug fix for supplied\_redirect\_uri
*   Consent screen on every login

**2.13.6**

*   permission\_callback warning fix

**2.13.5**

*   minor bug fixes
*   added copy button to copy the client credentials and endpoints
*   readme update

**2.13.4**

*   minor UI updates
*   added compatibility with WP 5.7

**2.13.3**

*   minor bug fixes
*   fixed compatibility with Brizzy
*   added compatibility with WP 5.6

**2.13.2**

*   minor bug fixes
*   fixed issue with deactivation form
*   added compatibility with WP 5.5

**2.13.1**

*   Added compatibility with WordPress v5.5

**2.13.0**

*   Added UI fixes
*   Updated demo plan fixes
*   Minor bugfixes and compatibility fixes

**2.12.4**

*   Licensing tab fix

**2.12.3**

*   Added fixes for some features
*   Added option to disable authorize screen

**2.12.2**

*   Added Compatibility with WordPress v5.4

**2.12.0**

*   Performance Improvements

**2.11.0**

*   Fixed bug where blank scope led to blank screen
*   Fixed “Deny” button resulting in clicking “Allow”
*   Fixed unaccounted bytes error notice on activation
*   Updated plugin licensing
*   Minor UI Improvements

**2.10.0**

*   Added fixes for Loopback Request failure
*   Updated Endpoints based on REST API and Authorize Consent Screen
*   Minor Bugfixes

**2.9.1**

*   Fixed migration issue

**2.9.0**

*   Fixed bug where bearer access\_token was not recognized.
*   Updated Endpoints

**2.8.2**

*   Updated Installation Steps

**2.8.1**

*   Compatibility changes for miniOrange OAuth Single Sign On

**2.8.0**

*   Updated registration form
*   Advertised Introspection Endpoint

**2.7.0**

*   Added compatibility for WordPress Version 5.2
*   Added fixes for OpenID Connect flow
*   Added fixes for OTP related issue
*   Updated Endpoints
*   Added alternative for Sign Up
*   Advertised Scope Based Response

**2.6.1**

*   Fixed conflicts for function generateRandomString()

**2.6.0**

*   Advertised new features as per new Licensing Plan

**2.5.6**

*   Added Compatibility for Rocket.chat

**2.5.5**

*   Fixed OTP related issue

**2.5.4**

*   Updated Licensing Plan

**2.5.3**

*   Added Visual Tour fixes

**2.5.2**

*   Added bugfixes

**2.5.1**

*   Added missing files

**2.5.0**

*   New Features
*   Major UI Revamp
*   Added Feature Tour

**2.4.0**

*   Compatibility with WordPress 5.1

**2.3.0**

*   Added Feedback Form and Updated UI

**2.2.1**

*   Added support for Invision Community and Rocket.chat

**2.2.0**

*   Updated UI

**2.1.0**

*   Fixed the PHP7.2 Compatibility issue

**2.0.3**

*   Changes in the title

**2.0.2**

*   Added features

**2.0.1**

*   Added support for multiple client

**1.0.1**

*   Initial Release

CVE-2022-34149: WP OAuth Server ( Login with WordPress )

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

**Description**

The application uses Purify to avoid the Cross Site Scripting attack. However, On ApiAddress module from Settings, the customFields is not validated and it's used directly without any encoding or validation on ApiConfigModal.tpl. It allows attacker to inject arbitrary Javascript code to perform an Stored XSS attack.

**Proof of Concept**

1.  1- Login to the application

3.  2- Access the ApiAddress Module via the following URL:
4.  https://gitstable.yetiforce.com/index.php?module=ApiAddress&parent=Settings&view=Configuration
5.  3- Click to the button "Configure provider",
6.  Change the value of "map\_url" parameter with the following payload:

    https://www.attacker.com#"+onfocus="alert(document.domain)"+autofocus=""+"
    

6.  Or change the value of "country\_codes" with the following payload:

    "+onfocus="alert(document.domain)"+autofocus=""+"
    

5.  \*\*Inject the payload
6.   

**PoC Video**

https://drive.google.com/file/d/1Bb_-s_2ELyR87vfkhVjb0U0VThb7eOzZ/view?usp=sharing

**Vulnerable Code**

1.  1- The CustomFields is not validated and map\_url allow special characters: 
2.  2- The parameter is not encoded and use directly:
3.  

**Impact**

An XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.

**Occurrences**

CVE-2022-2890: Cross-site Scripting (XSS) - Stored in yetiforcecrm

Permalink

Browse files

YetiForce CRM ver. 6.4.0 (#16359)

\* Added improvements in record collector

\* Integration with UaYouControl.php (#16293)

Co-authored-by: Mariusz Krzaczkowski <m.krzaczkowski@yetiforce.com>

\* Integration with UaYouControl.php (#16293)

\* Add external link to NoBrregEnhetsregisteret. (#16292)

\* Add external link to NoBrregEnhetsregisteret. #16292

\* Add NorthData to RecordCollectors. (#16278)

\* Add NorthData to RecordCollectors.

\* Change docs.

Co-authored-by: Mariusz Krzaczkowski <m.krzaczkowski@yetiforce.com>

\* Fix #16311

\* Added conditions wizard for 'Update related record' workflow action

\* Add NorthData to RecordCollectors. (#16278)

\* Code improvements

\* Added improvements in record collector

\* Zefix integraion \[in progress\] (#16281)

\* Zefix integraion \[in progress\]

\* ChZefix integration.

Co-authored-by: Mariusz Krzaczkowski <m.krzaczkowski@yetiforce.com>

\* Improved workflow action

\* Added improvements in record collector

\* Improvements in the store

\* Update RecordCollector tests

\* Code improvements

\* Improved ConfReport

\* languages/en-US/Other/RecordCollector.json

\* Improved change module type

\* Improved default dashboard in api portal

\* Fix Send PDF workflow task

\* Improved default dashboard in api

\* Fixed attachments in 'Emails to send' panel

\* lib\_roundcube 0.3.0 Roundcube Webmail 1.6.0

\* tests

\* tests

\* Update tests.yml

\* Added improvements in record collector

\* tests/setup/dependency.sh

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* Code improvements

\* Update dependencies

\* Added minor improvements

\* tests

\* Added improvements in record collector

\* Added improvements in record collector

\* Added minor improvements

\* Added minor improvements

\* Added minor improvements

\* Improved import file button

\* Improved imap connection

\* Fix #16317 - list view entries count

\* Added minor code improvements

\* Improved menu items

\* Added improvements in record collector

\* Fix gantt view (#15772)

\* Added improvements in record collector

\* Added improvements in record collector

\* Added improvements in record collector

\* Updated graphics in store

\* Update install translations

\* Update fonts

\* Improved OSSMail template

\* Updated graphics in store

\* Update fonts

\* tests

\* tests Validator

\* Update icons

\* Improved widgets permissions (#15613)

\* Increase scrolling speed (#15031)

\* Added tracking to media management

\* Added improvements in record collector

\* Added improvements in record collector

\* Added improvements in record collector

\* Added minor code improvements

\* tests

\* Added minor code improvements

\* Fixed #15164 (#16319)

\* Some changes in Import module (#16318)

\* Code formatting

\* Added improvements in record collector

\* Change the library "sonata-project / google-authenticator" to "pragmarx/google2fa"

\* Update dependencies

\* Update dependencies

\* Updated \*.min and \*.map files

\* Change the library "sonata-project / google-authenticator" to "pragmarx/google2fa"

\* Added minor improvements in Composer::install

\* Update dev dependency

\* Added dropdown button to record collectors (#16322)

\* Corrected  Record collectors table width (#16323)

\* Fixed #15183 modulesMapRelatedFields don\`t work correct for multipicklist

\* Added minor improvements in Credits

\* Fix edit view header links

\* Improved Inventory panel and PDF widget

\* Added improvements in record collector

\* Added improvements in record collector

\* Update install translations

\* #16282 Improved the handler from getting coordinates to the map

\* Added minor code improvements

\* Fixed getting reference module in inventory name field (#16329)

\* Missing icons update

\* Improved tree field type

\* Improved tests and some code

\* Fix tree field type

\* Fix scheme for tree data table

\* Improved switch users

\* Improved YetiForce CLI

\* \[PROD\](renovate) Update dependency github/super-linter to v4.9.6 (#16324)

Co-authored-by: renovate\[bot\] <29139614+renovate\[bot\]@users.noreply.github.com>

\* Bump giggsey/libphonenumber-for-php from 8.12.52 to 8.12.53 (#16331)

Bumps \[giggsey/libphonenumber-for-php\](https://github.com/giggsey/libphonenumber-for-php) from 8.12.52 to 8.12.53.
- \[Release notes\](https://github.com/giggsey/libphonenumber-for-php/releases)
- \[Commits\](giggsey/libphonenumber-for-php@8.12.52...8.12.53)

---
updated-dependencies:
- dependency-name: giggsey/libphonenumber-for-php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot\[bot\] <support@github.com>

Co-authored-by: dependabot\[bot\] <49699333+dependabot\[bot\]@users.noreply.github.com>

\* Improved switch users

\* Improved switch users

\* Unused code has been removed

\* Fix tree field type

\* Added improvements in record collector

\* Improved integration with DAV

\* Improved conditions wizard for 'Update related record' workflow action

\* Fixed focus to search text field when click on select2 drop down in modal window

\* Added improvements in record collector

\* Added minor code improvements

\* Improved ConfReport

\* Improved .htaccess

\* Added minor code improvements

\* Improved ConfReport

\* Fix icon on tree field type and change icon management view

\* Removed unused code. "Is added" - condition in workflows (#16321)

\* Correct setting of check boxes of Inventory boolean fields depending on their values. (#16326)

\* Update Inventory.js
Now the check-boxes of Inventory boolean fields will be set correctly regarding to their content.

\* README.md (#16332)

\* Improve inventory auto fill

\* Improved getting data from smtp (#16334)

\* Fixed #13136 (#16335)

\* Improved DB structure for map table cache

\* Improved updating payment status (#16327)

\* Improved updating payment status

\* Corrected translation (#16336)

\* Removed translation (#16337)

\* A functionality has been added to unlock e-mail accounts

\* Fix #13486

\* Update dependencies

\* mbstring.func\_overload

\* Added priority to CalendarActivities and OverdueActivities dashboard … (#16276)

\* Added priority to CalendarActivities and OverdueActivities dashboard widgets

\* Added improvement

\* Hidden icon for previewing replies in comments (#16339)

\* The display of the multi email field has been improved

\* Added working time counter widget. (#16316)

\* Added working time counter widget.

\* Added translation

\* Added improvements

\* Removed varialbe

\* Corrected comment

\* Added title to buttons

\* Added type to variable

\* Removed redundant characters

\* Added working time counter widget. #16316

\* Added minor improvements

\* Improoved dashboard titles

\* Updated \*.min and \*.map files

\* Added minor improvements in languages

\* Updated translation

\* Improvements have been added to the integration with WAPRO ERP

\* Update install translations

\* Update translations

\* Update translations

\* Added improvements in record collector

\* Added improvements in record collector

\* Improved input data cleanup

\* Improved RSS

\* Improved Rss

\* Update all Yarn dependencies (2022-08-15) (#16344)

Co-authored-by: depfu\[bot\] <23717796+depfu\[bot\]@users.noreply.github.com>

\* Added improvements in record collector

\* Improvements in the mechanism of generating PDF files

\* YetiForcePDF update v0.1.40 & Update dependencies

\* Improved some config templates

\* Added minor improvements

\* Remove unnecessary code

\* .github/workflows/actions.yml

\* .github/workflows/actions.yml

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* Improved Db importer/updater

\* Added buttons to the Working hours counter widget (#16340)

\* Added buttons to the Working hours counter widget

\* Added translations

\* Improved widget

\* Added button lock when starting timing

\* Update translations

\* Added missing translation

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* Added missing translation

\* .github/workflows/tests.yml

\* Removed Translation (#16347)

Co-authored-by: Radosław Skrzypczak <r.skrzypczak@yetiforce.com>

\* Update install translations

\* Added minor improvement in get actual version of PHP

\* Update install translations

\* Updated \*.min and \*.map files

\* Redundant code has been removed

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* .github/workflows/tests.yml

\* Improved RSS

\* Added improvements

\* Update DEV dependencies

\* Fix Completions initialization in comments widget (#16348)

\* Update fonts

\* Fixed sending files in API for PUT method

\* Update DEV dependencies

\* Improved valid of time in Business Hours (#16351)

\* Improved executing workflow when an unsupported operator is selected (#16352)

\* Improved executing workflow when an unsupported operator is selected

\* Improved getting translation (#16350)

\* Improved Importer

\* Improved working time counter widget

\* Improved api

\* Expansion of the tests

\* Expansion of the tests

\* tests

\* Update DEV dependencies

\* Improved Rss

\* tests

\* Value display secured

\* Added improvements

\* Improved index name

\* Improved validation of quantity field (#16355)

\* Improved validation of quantity field

\* Improved code

\* Add missing picklist dependencies

\* Added  validation whether at least one business day has been selected in the Business hours module (#16356)

\* Compile js

\* Moved swagger file

\* Improved swagger generating functions

\* Added minor improvements

\* Fixed issue with date format

\* Added improvements

\* Fixed a bug when selecting all users in the calendar quick edit view (#16357)

\* Improved swagger generating functions

\* Added improvements

\* Added improvements

\* Added improvements

\* Improved Address Search panel

\* Improved Emails to send panel

\* Fix action name

\* Fix description in docBlock

\* tests/Settings/ApiAddress.php

\* Compile js

\* tests/Settings/ApiAddress.php

\* tests/Settings/ApiAddress.php

\* Remove html unnecessary class

\* Fixed #14266 (#16349)

\* \[PROD\](renovate) Update debian Docker tag to v11 (#16341)

Co-authored-by: renovate\[bot\] <29139614+renovate\[bot\]@users.noreply.github.com>

\* Improved anonymization

\* Added improvements

\* Update install translations

\* Improved config class

\* Added improvements

\* Improved generatedtype for some fields

\* Fixed #15631 (#16358)

\* Added improvements

\* Improved block sequence

\* 6.4.0

Co-authored-by: rembiesa <103192653+rembiesa@users.noreply.github.com>
Co-authored-by: Radosław Skrzypczak <r.skrzypczak@yetiforce.com>
Co-authored-by: Adrian Koń <a.kon@yetiforce.com>
Co-authored-by: bmankowski <bmankowski@gmail.com>
Co-authored-by: Arek Solek <arkadiusz\_s9887@wp.pl>
Co-authored-by: renovate\[bot\] <29139614+renovate\[bot\]@users.noreply.github.com>
Co-authored-by: dependabot\[bot\] <49699333+dependabot\[bot\]@users.noreply.github.com>
Co-authored-by: Jared Ramon Elizan <elizanjaredr@gmail.com>
Co-authored-by: depfu\[bot\] <23717796+depfu\[bot\]@users.noreply.github.com>

*   Loading branch information

CVE-2022-1340: YetiForce CRM ver. 6.4.0 (#16359) · YetiForceCompany/YetiForceCRM@2c14baa

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php

**Project Name**

Bus Pass Management System Project

**Language Used**

PHP5.6, PHP7.x

**Database**

MySQL 5.x

**User Interface Design**

HTML, AJAX,JQUERY,JAVASCRIPT

**Web Browser**

Mozilla, Google Chrome, IE8, OPERA

**Software**

XAMPP / Wamp / Mamp/ Lamp (anyone)

Bus Pass Management Project in Php is a web-based technology that will manage the records of the pass which is issue by administrative and also help to provide online bus pass to people who need to travel daily. Bus Pass Management System project is helpful to bus administration by reducing the paperwork, time consumption and makes the process of getting bus passes as simple and fast.

Bus Pass Management system uses PHP and MySQL databases. This is the project which keeps records of the pass which is issue by the administrative. Bus Pass Management system has two modules i.e. admin and user.

**Admin**

**Dashboard**: In this sections, admin can briefly view the total number of categories and how many passes will be generated in one day, yesterdays and the last seven’s days

**Category**: In this section, admin can manage the category (add/update).

**Passes**: In this section, admin can manage pass(add/update/take print pass).

**Pages:** In this section, admin can update about us and contact us pages.

**Enquiry:** In this section, admin reads the inquiries which are sent by users.

**Reports**: In this section admin can generate pass reports between two dates.

**Search**: In this section, admin can search a particular pass bypass number.

Admin can also update his profile, change the password and recover the password.

**User**

1.  **Home Page:** User can visit home page.
2.  **View Pass:** User can view his/her pass and take print with the help of their Pass Number.
3.  **About Us**: User sees the details of .website administrator.
4.  **Contact Us**: User can contact with website administrator.

**Note**:  In this project, the MD5 encryption method was used.

**Some of the Bus Pass Management Project Screens**

**Home Page**

**Home Page**

**Pass Details**

Pass Details

**Admin Dashboard**

**Admin Dashboard**

**Add/Create Pass**

**Add/Create Pass**

**How to run the Bus Pass Management System Project Using PHP and MySQL**

*   Download the zip file
*   Extract the file and copy buspassms folder
*   Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/html)
*   Open PHPMyAdmin (http://localhost/phpmyadmin)
*   Create a database with name buspassdb
*   Import buspassdb.sql file(given inside the zip package in SQL file folder)
*   Run the script http://localhost/buspassms

**Admin Credential**  
**Username:** admin  
**Password:** Test@123

**Pass number:** 681924385 or you can create a new pass.

**+++++++++++++++++View Demo+++++++++++++++++++++**

Download Full Source Code (Bus Pass Management System)

Size: 2.43 MB

Version: V 1.0

**Project Report**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

Tag

#php