#php

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.

EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php

Bluecms 1.6 has a SQL injection vulnerability at cooike.

Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces.

WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.

A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new

A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.