11 matches found
WordPress SureForms plugin <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) vulnerability
Unauthenticated PHP Object Injection (PHAR) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin SureForms versions <= 1.7.3...
ECShop Cross-Site Scripting Vulnerability
ECShop is an open source mall system for business school. It supports PC + H5 + APP + small program mall, with source code free to download and try, and is suitable for enterprises developing and building a mall. There is a cross-site scripting vulnerability in ECShop, which originates from the lack of security...
CSZ CMS SQL Injection Vulnerability
CSZ CMS is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in the core/MYSecurity.php file in CSZ CMS version 1.2.2 prior to 2019-06-20. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based application...
Design/Logic Flaw
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BGSITENAME field in the optbase.inc.php file...
compass.systemhaus.com.br Improper Access Control vulnerability
Open Bug Bounty ID: OBB-654064. Affected Website: compass.systemhaus.com.br; Vulnerable Application: Custom Code; Vulnerability Type: IAC Improper Access Control / CWE-284; CVSSv3 Score: 6.5...
CVE-2017-1000152
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such a...
GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities
Document Title: GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=538. Release Date: 2012-04-29. Vulnerability Laboratory ID (VL-ID): 53...
CVE-2011-3716
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files...
[20100423] - Core - Negative Values for Limit and Offset
If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Gallery 1.4 including file vulnerability
Gallery 1.4 including file vulnerability. Background Information: Gallery is a Web-based software product that lets you manage photos on any Web site that offers PHP support. With Gallery you can easily create and maintain albums of photos via an intuitive interface. Photo management includes...