Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-30760: releasenotes:fn2web2.04.09 [FlexWiki]

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.

CVE
Open in Source
#sql#vulnerability#web#mac#js#java#php#ldap#pdf#auth#postgres
CVE-2022-2020: vul/Prison Management System(XSS).md at main · ch0ing/vul

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2019

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2017

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2016: Escaped the html of the balance fields before any other tests. Also a… · NeoRazorX/facturascripts@7b4ddb9

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.

CVE-2021-40961: CMS Made Simple SQL injection on m1_sortby parameter

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.

CVE-2022-31827: CVE_Request/MonstaFTP_v2_10_3_SSRF.md at master · zer0yu/CVE_Request

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.

CVE-2022-31393: [Vuln] SSRF vulnerability in `index` Function of `PluginsController.php` File (2.2.5 version) · Issue #76 · Cherry-toto/jizhicms

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.