236 matches found

CNNVD
added 2024/03/10 12:0 a.m. · 2 views

Secret-Coder-PHP-Project Security Vulnerability

Secret-Coder-PHP-Project is a PHP-based project. A security vulnerability exists in version 1.0 of Secret-Coder-PHP-Project that stems from the inclusion of sensitive information in the code...

CVSS 3.7 · AI score 6.5 · EPSS 0.00109
Exploits 0 · References 4

OSV
added 2023/11/06 6:15 a.m. · 3 views

CVE-2023-47253

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...

CVSS 9.8 · AI score 6.2 · EPSS 0.93893
Exploits 4 · References 5

OSV
added 2023/11/01 10:15 a.m. · 1 views

CVE-2023-1719

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...

CVSS 9.8 · AI score 6.1
Exploits 0 · References 1

BDU FSTEC
added 2023/10/28 12:0 a.m. · 1 views

The vulnerability of the WPanel CMS system, related to the lack of restrictions on file uploads, allows a hacker to execute arbitrary code.

The vulnerability of the WPanel CMS system is related to the lack of restrictions on the upload of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by uploading arbitrary PHP files remotely...

CVSS 9 · AI score 8 · EPSS 0.00919
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/10/27 4:15 a.m. · 3 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

CVSS 8.8 · AI score 5.7
Exploits 0 · References 1

NVD
added 2023/10/25 6:17 p.m. · 15 views

CVE-2023-37908

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

CVSS 9.6 · AI score 9 · EPSS 0.01458
Exploits 1 · References 4

Prion
added 2023/10/25 6:17 p.m. · 15 views

Cross site scripting

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

CVSS 6.8 · AI score 8.9 · EPSS 0.01458
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/10/25 4:53 p.m. · 29 views

CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

CVSS 9 · AI score 8.6 · EPSS 0.01458
Exploits 1 · References 6

CNNVD
added 2023/10/10 12:0 a.m. · 1 views

Sangfor Next-Gen Application Firewall Security Vulnerabilities

Sangfor Next-Gen Application Firewall (Sangfor NGAF) is an application firewall from China-based Sangfor. A security vulnerability exists in Sangfor Next-Gen Application Firewall (NGAF) version 8.0.17, which originates from a source code disclosure issue. The vulnerability can be exploited to obtain...

CVSS 5.3 · AI score 6.8 · EPSS 0.00128
Exploits 1 · References 5

OSV
added 2023/10/02 8:15 p.m. · 2 views

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

CVSS 8.8 · AI score 5.9
Exploits 0 · References 1

OSV
added 2023/07/12 5:15 p.m. · 2 views

CVE-2023-37629

Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."...

CVSS 9.8 · AI score 5.8 · EPSS 0.87148
Exploits 5 · References 3

Positive Technologies
added 2023/07/07 12:0 a.m. · 3 views

PT-2023-25764 · Travianz · Travianz

Name of the Vulnerable Software and Affected Versions: TravianZ versions 8.3.3 through 8.3.4
Description: The issue allows remote attackers to execute PHP code through PHP injection in the config editor on the admin page.
Recommendations: For versions 8.3.3 and 8.3.4, consider disabling the confi...

CVSS 7.2 · AI score 7.2 · EPSS 0.00429
Exploits 1 · References 4

OSV
added 2023/06/17 10:15 p.m. · 2 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

CVSS 8.8 · AI score 7.2 · EPSS 0.00353
Exploits 2 · References 3

CNNVD
added 2023/06/17 12:0 a.m. · 3 views

SugarCRM Enterprise Security Vulnerability

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

CVSS 8.8 · AI score 8.2 · EPSS 0.00459
Exploits 2 · References 4

Prion
added 2023/04/20 6:15 p.m. · 20 views

Cross site scripting

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...

CVSS 6 · AI score 8.8 · EPSS 0.03165
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/04/20 12:0 a.m. · 2 views

PT-2023-8608 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 4.2-milestone-1 through 14.10
Description: The issue concerns the "restricted" mode of the HTML cleaner in XWiki, which allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. This...

CVSS 9 · AI score 8.7 · EPSS 0.03165
Exploits 1 · References 11

Positive Technologies
added 2023/04/18 12:0 a.m. · 2 views

PT-2023-8609 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.3; XWiki Platform versions prior to 15.0-rc-1
Description: The issue allows a user without script or programming rights to edit a user profile or any other document with the wiki editor and add groovy...

CVSS 9.9 · AI score 8.6 · EPSS 0.09755
Exploits 1 · References 8

NVD
added 2023/04/15 3:15 p.m. · 14 views

CVE-2023-29201

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...

CVSS 9 · AI score 9.2 · EPSS 0.09347
Exploits 1 · References 6

Cvelist
added 2023/04/15 2:24 p.m. · 31 views

CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...

CVSS 9 · AI score 9.4 · EPSS 0.09347
Exploits 1 · References 6

Vulnrichment
added 2023/04/15 2:24 p.m. · 7 views

CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...

CVSS 9 · AI score 9.2 · EPSS 0.09347
Exploits 1 · References 6