#php

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

Queuing Simple Chatbot version 1.0 suffers from a remote shell upload vulnerability.

Profiling System version 1.0 suffers from a remote shell upload vulnerability.

Passion Responsive Blogging version 1.0 suffers from a cross site scripting vulnerability.

Online Survey System version 1.0 suffers from cross site scripting and remote file inclusion vulnerabilities.

Online Birth Certificate System version 1.0 suffers from an ignored default credential vulnerability.

Medical Card Generations System version 1.0 suffers from an ignored default credential vulnerability.

Emergency Ambulance Hiring Portal version 1.0 suffer from a WYSIWYG code injection vulnerability.

Printable Staff ID Card Creator System version 1.0 suffers from an insecure direct object reference vulnerability.

Microsoft's September 2024 Patch Tuesday is here. Make sure you’ve applied the necessary patches!