COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.

**Premium/Paid PHP Projects**

#

Project Name

Cost

1

Insurance Management System in PHP and MySQL

Rs.699 / $9.90

2

College Admission Management System in PHP and MySQL

Rs.499 / $7

3

Laundry Management System Using PHP and MySQL

Rs.499 / $7

4

Vehicle Service Management System Using PHP and MySQL

Rs.549 / $7.77

5

Courier Management System Using PHP and MySQL

Rs.599 / $8.48

6

Food Ordering System using PHP and MySQL

Rs.799 / $11.31

7

Attendance Monitoring System using PHP and MySQL

Rs.999 / $14.14

8

Car Driving School Management System  using PHP and MySQL

Rs.399 / $5.65

9

Event Management System using PHP and MySQL

Rs.699 / $9.90

10

Paying Guest Accommodation System

Rs.599 / $8.48

11

Car Showroom Management System Using PHP and MySQL

Rs.449 / $6.36

12

Pharmacy Management System using PHP and MySQL

Rs.649 / $9.40

13

Water Supply Management System Using PHP and MySQL

Rs.599 / $8.48

14

Toll Tax Management System using PHP & MySQL

Rs.549 / $7.77

15

Real Estate Management System Project using PHP & MySQL

Rs.799 / $11.31

16

Campus Recruitment Management System using PHP and MySQL

Rs.699 / $9.90

17

Vehicle Rental Management System using PHP and MySQL

Rs.649 / $9.19

18

Movers and Packers Management System using PHP and MySQL

Rs.299 / $4.23

19

Society Management System using PHP and MySQL

Rs.549 / $7.77

20

Online Diagnostic Lab Management System using PHP and MySQL

Rs.699 / $9.90

21

Online Tiffin Service System Using PHP and MySQL

Rs.349 / $4.94

22

Online Gas Booking System Using PHP and MySQL

Rs.499 / $6.54

23

Hotel Booking Management System Using PHP and MySQL

Rs.499 / $6.54

24

Online Furniture Shop Management System using PHP and MySQL

Rs.599/ $7.87

25

Yoga Classes Registration System using PHP and MySQL

Rs.449/ $5.91

26

Health Monitoring Management System Using PHP and MySQL

Rs.399/ $5.28

27

Crime Record Management System Using PHP and MySQL

Rs.799/ $10.58

28

Online Catering Management System Using PHP and MySQL

Rs.599/ $7.87

29

Complaint Management System Pro version using PHP and MySQL

Rs.499/ $6.61

30

AC Repairing System using PHP and MySQL

Rs.499/ $6.61

31

Online Dance Classes Registration System Using PHP and MySQL

Rs.429/ $5.69

32

Theme Park Management System Using PHP and MYSQL

Rs.249/ $3.31

33

Job Portal Project Using PHP and MYSQL

Rs.549/ $7.49

34

Online College Assignment System Using PHP and MySQL

Rs.649/ $8.82

35

Inventory Management System Using PHP and MySQL

Rs.499/ $6.80

36

Online Magazine Management System using PHP and MySQL

Rs.499/ $6.80

37

Computer Service Management System Using PHP and MySQL

Rs.349/ $4.70

38

Lawyers Record Management System Using PHP and MySQL

Rs.449/ $6.02

39

Cake Bakery System Project Using PHP and MySQL

Rs.499/ $6.69

40

Mobile Store Management System using PHP and MySQL

Rs.499/ $6.69

41

Vehicle Breakdown Assistance Management System Using PHP

Rs.499/ $6.69

42

Daily Expense Tracker System Pro Version Using PHP

Rs.299/ $4.05

43

Directory Listing Management System Using PHP

Rs.499/ $6.7

44

Pre-Owned/Used Car Selling Management System Using PHP

Rs.449/ $6.0

45

Baby Daycare Management System Using PHP

Rs.449/ $6.0

46

Cold Storage Management System Using PHP

Rs.499/ $6.65

47

Curfew e-Pass Management System using PHP & MySQL Pro Version

Rs.349/ $4.625

48

Home Loan Management System using PHP & MySQL

Rs.499/ $6.68

49

Internet Service Provider Management System Using PHP and MySQL

Rs.599/ $8

50

Food Waste Management System Using PHP and MySQL

Rs.599/ $8

51

Sanitization Management System Using PHP and MySQL

Rs.399/ $5.31

52

Driver Hiring Management System Using PHP and MySQL

Rs.499/ $6.69

53

Jewelry Shop Management System Using PHP and MySQL

Rs.599/ $7.73

54

Online Shopping Portal Pro Version using PHP and MySQL

Rs.549/ $7.19

55

Employee Task Management System using PHP and MySQL

Rs.519/ $6.81

56

Blog Management System using PHP and MySQL (CMS)

Rs.449/ $5.92

57

Online Temple Management System using PHP and MySQL

Rs.549/ $7.23

58

Online Course material Management System using PHP and MySQL

Rs.399/ $5.11

59

Fuel Delivery Management System Using PHP and MySQL

Rs.599/ $7.56

60

Traffic Squad Management System Using PHP and MySQL

Rs.549/ $6.93

61

Laptop and Desktop Rental Management System using PHP and MySQL

Rs.549/ $6.88

CVE-2021-33470: PHP Project, PHP Projects Ideas, PHP Latest tutorials, PHP oops Concept

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

CVE-2020-27815: security - CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.

**Summary**

InvoicePlane is one of the popular open-source CRM. During the search for a PHP based open-source CRM in Github, this comes mostly within first ten.

The latest version of InvoicePlane (v1.5.11) has a weak password recovery mechanism which could lead to authenticated remote code execution. Without further wasting your time let’s dive into the details.

*   CWE-640: Weak Password Recovery Mechanism for Forgotten Password
*   CWE-770: Allocation of Resources Without Limits or Throttling

The application allows users to reset their passwords by sending a reset link via email. As usual, the application allows the user to reset a new password by visiting the link. Here the things seem to be normal on the surface, but when we dive into source code things are different.

**Proof of Concept**

The password reset feature doesn’t have any rate-limiting mechanism implemented to prevent brute force. When a user requests a password reset, the application generates a reset token stores it in the database. The problem is, during this token generation application concatenates the current time and email to generate an MD5 hash then uses this generated hash as a token. Since there is no rate limiting, if the attacker has the users’ email address predicting this token becomes so easy. During the password generation, through the response date header attacker can figure out the time value as well.

As seen on the above image, at line 172 application concatenates the current server time and user email to generate a token.

The above image shows the successful password change using the exploit.

CVE-2021-29023: Weak Password Recovery Mechanism in InvoicePlane CRM

In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication.

**Summary**

InvoicePlane is one of the popular open-source CRM. During the search for a PHP based open-source CRM in Github, this comes mostly within first ten.

The latest version of InvoicePlane (v1.5.11) has several vulnerabilities. Without further wasting your time let’s dive into the details.

*   CWE-552: Files or Directories Accessible to External Parties

As mentioned above, if the webserver is not configured properly, this allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication.

The developer has implemented some preventive measures to avoid exploitation of this vulnerability like _htaccess_ based directory access restriction and users can download the file via an authenticated URL instead of direct download. But none of these will work if the server is not configured properly. During the testing, it seems the default installation of Apache will not help with the implemented protection mechanism.

> .htaccess based mitigation will work only with the supported webserver.

CVE-2021-29024: Files or Directories Accessible to External Parties in InvoicePlane CRM

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[day\] \[month\] \[year\] \[list\]

Date: Wed, 7 Apr 2021 19:16:07 +0800
From: 马哲宇 <zheyuma97@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2021-3483: Linux kernel: a use-after-free bug in nosy driver

Hello,

I found a bug in the latest Linux kernel. The
location of the bug is Linux/drivers/firewire/nosy.c.   Nosy is an
IEEE 1394 packet sniffer which is used for protocol analysis and in the
development of IEEE 1394 drivers, applications, or firmware.

For each device, the nosy driver allocates a pcilynx structure. A
use-after-free might happen in the following scenario:

1. Open nosy device for the first time and call ioctl with command
NOSY\_IOC\_START, then a new client A will be malloced and added to
doubly linked list.
2. Open nosy device for the second time and call ioctl with command
NOSY\_IOC\_START, then a new client B will be malloced and added to
doubly linked list.
3. Call ioctl with command NOSY\_IOC\_START for client A, then client A
will be readded to the doubly linked list. Now the doubly linked list
is messed up.
4. Close the first nosy device and nosy\_release will be called. In
nosy\_release, client A will be unlinked and freed.
5. Close the second nosy device, and client A will be referenced,
resulting in UAF.

The root cause of this bug is that the element in the doubly linked
list is reentered into the list.

Here is the commit to patch this BUG:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=829933ef05a951c8ff140e814656d73e74915faf

Regards,

Zheyu Ma

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2021-3483: security - CVE-2021-3483: Linux kernel: a use-after-free bug in nosy driver

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

CVE-2021-24284

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

**5.4.12 (stable)**

Release 5.4.12 has been published on May 29, 2020

*   Please read the ILIAS 5.4 feature page for information about new and abandoned features and changed behaviour of this version.
*   You find information about first time installation here.
*   Instructions for updating ILIAS can be found here.
*   Please have a look at the page Required Software for 5.4, too.

If you use a customized skin/style, please change the skin settings for root user and default of installation to ‘delos‘ before upgrading from a 4.x version to 5.4.x. Otherwise you may not login any more due to templates changes in former versions.

ILIAS 5.4 comes with a new content style that substitutes the former content style. If you want to keep this outdated style, please create a new style with it before updating to 5.4. Own created styles won't be tackled.

ILIAS is free, open source software and published under the GNU General Public License (GPL).

Format: .zip

 ILIAS-5.4.12.zip  
Download (github.com)  
195 MB, 2020-05-29  
md5: 3a30c44a81f4a2fbf683c9e325d51610

Format: .tar.gz

 ILIAS-5.4.12.tar.gz  
Download (github.com)  
179 MB, 2020-05-29  
md5: c64c6ac8f29264679dd40eb27faaec83 

**Known Issues**

*   none

**Changed Behaviour**

*   The user configuration of  "show me in the who-is-online tool" has been changed to an "opt-in" due to bug #28970. A default setting has been added to the user administration accordingly. For details, see this comment in the bug report.

**Fixed Bugs**

Security Fixes

*   Fixed information leak of uploaded data path via workspace upload (reported by Holger Fuhrmannek, Telekom Security)

The following bugs reported in Mantis have been resolved:

28391: \[Didactic Templates\] Ausgrauen der Standard-Vorlage greift nicht im Einstellungsformular (smeyer)  
28111: \[Didactic Templates\] Special behavior for dtpl used on groups inside of groups (smeyer)  
27709: \[User Tracking\] ilErrorHandling::{closure}:50 2 "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? (smeyer)  
28323: \[Contacts\] "Meine Verteilerlisten" bei ausgeschaltetem "Kontakte"-Service ohne Funktion (mjansen)  
27710: \[Calendar\] Sprechstundenverwaltung: Sprachvariablen "Terminbuchung absagen" und "Terminbuchung löschen" vertauscht (smeyer)  
28316: \[Language Handling\] system message: new line \\n visible in pwassist\_session\_expired (mkunkel)  
28291: \[Glossary\] \[FRENCH - TRANSLATION \] Glossaries - Custom metadata definition (mkunkel)  
28203: \[Language Handling\] Portugisisch Kursaufruf über Schreibtisch (akill)  
27955: \[Booking Tool\] Fehlerhafter Export von Reservierungen (akill)  
26116: \[Mail\] ILIAS accepts Username with ending . (point), this cause a error message in mail function (mjansen)  
28332: \[RBAC\] RBAC: PHP 7.0 issue with access modifiers used for PHP constants (smeyer)  
25257: \[RBAC\] Rechte über Rollentemplates hinzuzufügen setzt bestehende RBAC-Einstellungen lokaler Rollen zurück (smeyer)  
26592: \[Background Tasks\] Mail or Chat settings, Save, then delete a background task (mjansen)  
27716: \[Category and Repository\] Typo in Infotext about "Kachlebild" (akill)  
28259: \[Survey\] FragenBlock (akill)  
25715: \[Organisational Units\] Whoops trying to enter an orgu entension object (mstuder)  
28149: \[Export\] Title of Forum lost upon import (mjansen)  
28037: \[Forum\] ilias.de: overview subforums very slow (mjansen)  
10305: \[Category and Repository\] Repository page is shown to anonymous users without permission (akill)  
28197: \[Mail\] Whoops when user try to send mails (mjansen)  
28088: \[Language Handling\] Typo Adminpage Test and Assessement (mkunkel)  
28040: \[Glossary\] Bei automatischer Glossarverlinkung wird der restliche Text nach dem Glossarlink gelöscht (akill)  
27862: \[Learning Module ILIAS : Editor\] Automated linking between LM and glossary doesn't work (akill)  
27605: \[Media Pools and Media Objects\] Thumbnail wird fehlerhaft dargestellt (akill)  
25903: \[Category and Repository\] Displaying the properties of an object causes the tile view to look broken. (akill)

CVE-2020-23995: DOCU: Releases

admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.

@@ -1,4 +1,5 @@ <?php  
/\* For licensing terms, see /license.txt \*/  
use Chamilo\\CoreBundle\\Entity\\ExtraFieldOptions; @@ -13,7 +14,6 @@ // Set this option to true to enforce strict purification for usenames. $purification\_option\_for\_usernames = false; $userId = api\_get\_user\_id();  
api\_protect\_admin\_script(true, null); api\_protect\_limit\_for\_session\_admin(); set\_time\_limit(0); @@ -220,7 +220,6 @@ function save\_data($users, $sendMail = false) if (!isset($inserted\_in\_course)) { $inserted\_in\_course = \[\]; }  
$usergroup = new UserGroup(); if (is\_array($users)) { $efo = new ExtraFieldOption('user'); @@ -433,10 +432,9 @@ function parse\_csv\_data($users, $fileName, $sendEmail = 0, $checkUniqueEmail = t \* \* @return array All user information read from the file \*/ function parse\_xml\_data($file) function parse\_xml\_data($file, $sendEmail = 0, $checkUniqueEmail = true) { $crawler = new \\Symfony\\Component\\DomCrawler\\Crawler(); $crawler\->addXmlContent(file\_get\_contents($file)); $crawler = Import::xml($file); $crawler = $crawler\->filter('Contacts > Contact '); $array = \[\]; foreach ($crawler as $domElement) { @@ -451,6 +449,16 @@ function parse\_xml\_data($file) } }  
Session::write( 'user\_import\_data\_'.api\_get\_user\_id(), \[ 'check\_unique\_email' => $checkUniqueEmail, 'send\_email' => $sendEmail, 'date' => api\_get\_utc\_datetime(), 'log\_messages' => '', \] );  
return $array; }  
@@ -548,7 +556,11 @@ function processUsers(&$users, $sendMail) $users = validate\_data($users, $checkUniqueEmail); $error\_kind\_file = false; } elseif (strcmp($file\_type, 'xml') === 0 && $ext\_import\_file == $allowed\_file\_mimetype\[1\]) { $users = parse\_xml\_data($\_FILES\['import\_file'\]\['tmp\_name'\]); $users = parse\_xml\_data( $\_FILES\['import\_file'\]\['tmp\_name'\], $sendMail, $checkUniqueEmail ); $users = validate\_data($users, $checkUniqueEmail); $error\_kind\_file = false; } @@ -590,15 +602,17 @@ function processUsers(&$users, $sendMail) $formContinue = false; $resumeStop = true; if (!empty($importData)) { $isResume = $importData\['resume'\]; $isResume = $importData\['resume'\] ?? false;  
$formContinue = new FormValidator('user\_import\_continue', 'post', api\_get\_self()); $label = get\_lang('Results'); if ($isResume) { $label = get\_lang('ContinueLastImport'); } $formContinue\->addHeader($label); $formContinue\->addLabel(get\_lang('File'), $importData\['filename'\]); if (isset($importData\['filename'\])) { $formContinue\->addLabel(get\_lang('File'), $importData\['filename'\] ?? ''); }  
$resumeStop = true; if ($isResume) { @@ -614,10 +628,12 @@ function processUsers(&$users, $sendMail) $importData\['counter'\].' / '.count($importData\['complete\_list'\]) ); } else { $formContinue\->addLabel( get\_lang('Users'), count($importData\['complete\_list'\]) ); if (!empty($importData\['complete\_list'\])) { $formContinue\->addLabel( get\_lang('Users'), count($importData\['complete\_list'\]) ); } }  
$formContinue\->addLabel(

CVE-2021-32925: Fix XML import user_import.php results page · chamilo/chamilo-lms@e71437c

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4.

@@ -17,7 +17,10 @@ use Symfony\\Component\\HttpKernel\\Event\\GetResponseEvent; use Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationManagerInterface; use Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface; use Symfony\\Component\\Security\\Core\\Exception\\AccountStatusException; use Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException; use Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException; use Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException; use Symfony\\Component\\Security\\Guard\\AbstractGuardAuthenticator; use Symfony\\Component\\Security\\Guard\\AuthenticatorInterface; use Symfony\\Component\\Security\\Guard\\GuardAuthenticatorHandler; @@ -40,6 +43,7 @@ class GuardAuthenticationListener implements ListenerInterface private $guardAuthenticators; private $logger; private $rememberMeServices; private $hideUserNotFoundExceptions;  
/\*\* \* @param GuardAuthenticatorHandler $guardHandler The Guard handler @@ -48,7 +52,7 @@ class GuardAuthenticationListener implements ListenerInterface \* @param iterable|AuthenticatorInterface\[\] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationProvider \* @param LoggerInterface $logger A LoggerInterface instance \*/ public function \_\_construct(GuardAuthenticatorHandler $guardHandler, AuthenticationManagerInterface $authenticationManager, $providerKey, $guardAuthenticators, LoggerInterface $logger = null) public function \_\_construct(GuardAuthenticatorHandler $guardHandler, AuthenticationManagerInterface $authenticationManager, $providerKey, $guardAuthenticators, LoggerInterface $logger = null, $hideUserNotFoundExceptions = true) { if (empty($providerKey)) { throw new \\InvalidArgumentException('$providerKey must not be empty.'); @@ -59,6 +63,7 @@ public function \_\_construct(GuardAuthenticatorHandler $guardHandler, Authenticat $this\->providerKey = $providerKey; $this\->guardAuthenticators = $guardAuthenticators; $this\->logger = $logger; $this\->hideUserNotFoundExceptions = $hideUserNotFoundExceptions; }  
/\*\* @@ -163,6 +168,12 @@ private function executeGuardAuthenticator($uniqueGuardKey, GuardAuthenticatorIn $this\->logger\->info('Guard authentication failed.', \['exception' => $e, 'authenticator' => \\get\_class($guardAuthenticator)\]); }  
// Avoid leaking error details in case of invalid user (e.g. user not found or invalid account status) // to prevent user enumeration via response content if ($this\->hideUserNotFoundExceptions && ($e instanceof UsernameNotFoundException || $e instanceof AccountStatusException)) { $e = new BadCredentialsException('Bad credentials.', 0, $e); }  
$response = $this\->guardHandler\->handleAuthenticationFailure($e, $request, $guardAuthenticator, $this\->providerKey);  
if ($response instanceof Response) {

Tag

#php