Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2021-41041: 579744 – OpenJ9 allows unverified methods to be invoked using MethodHandles

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

CVE
Open in Source
#web#java#php#ibm
CVE-2022-28058: Arbitrary file deletion vulnerability exists · Issue #20 · Verytops/verydows

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.

CVE-2022-28059: Verydows Exists Arbitrary File Deletion Vulnerability · Issue #21 · Verytops/verydows

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.

CVE-2022-28525: There is a file upload vulnerability here: /admin/users.php?source=edit_user&id=1 · Issue #5 · chilin89117/ED01-CMS

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1.

CVE-2022-28524: There is a SQL injection vulnerability here: /post.php · Issue #4 · chilin89117/ED01-CMS

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.

CVE-2022-28918: There is an arbitrary file deletion vulnerability here: /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name= · Issue #116 · GreenCMS/GreenCMS

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.

CVE-2022-28527: There is an arbitrary folder deletion vulnerability here:/admin.php?r=admin/AdminBackup/del · Issue #5 · ShaoGongBra/dhcms

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.

CVE-2022-28522: There is a stored xss vulnerability here: /index.php?m=home&c=message&a=add · Issue #5 · jorycn/thinkphp-zcms

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.

CVE-2022-28528: There is a file upload vulnerability here: /admin/index.php?mode=content&page=media&action=edit · Issue #14 · alexlang24/bloofoxCMS

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.