128 matches found
PHP 安全漏洞
PHP is a scripting language for PHP that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.30, prior to 8.2.24, and prior to 8.3.12, which stems from a flaw in the configuration directive cgi.forceredirect, which in certain uncommon configurations could all...
Z-BlogPHP 安全漏洞
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. Z-BlogPHP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload...
PHP Security Vulnerabilities
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from vulnerability to Marvin attacks...
CVE-2024-29184 FreeScout Stored XSS to Privilege Escalation After CSP Bypass
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting XSS vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the...
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the itemidy parameter on the /cupseasylive/stocktransactionslist.php page. An attacker...
WordPress plugin WP Mail Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
Statamic Code Issue Vulnerability
Statamic is a powerful flat file Cms built on Laravel by Statamic USA. used to store all content, templates, assets and settings in files instead of databases. A security vulnerability exists in Statamic that stems from allowing an attacker to upload a crafted PHP file via the asset upload field...
Qualitor Security Breach
Qualitor is an application. A security vulnerability exists in Qualitor version 8.20 and earlier versions. An attacker exploits the vulnerability to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...
The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system allows a hacker to execute arbitrary code by loading a specially created file.
The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by downloading ...
Engineers Online Portal SQL Injection Vulnerability
Engineers Online Portal is open source an online portal . It is developed using PHP, MySQL database, HTML, CSS, Javascript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from the fact that manipulation of the...
Engineers Online Portal SQL Injection Vulnerability
Engineers Online Portal is open source an online portal . It is developed using PHP, MySQL database, HTML, CSS, Javascript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from manipulation of the username/password...
Availability Booking Calendar PHP Security Vulnerability
Availability Booking Calendar PHP is an open source availability booking calendar system by GZ Scripts. A security vulnerability exists in Availability Booking Calendar version 5.0, which stems from incorrect validation of password parameter input and vulnerability to incorrect access control...
PHP 安全漏洞
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from a buffer overflow issue, which can be exploited by an attacker to trigger a memory corruption and execute arbitrary code on the target system...
SUSE CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."...
PT-2022-8067 · Unknown · Simple Php Link Shortener
Name of the Vulnerable Software and Affected Versions: simple php link shortener affected versions not specified Description: A critical issue was found in simple php link shortener, affecting an unknown function of the file index.php. The manipulation of the argument link"id" leads to sql...
Virtual Exim 2 安全漏洞
Virtual Exim 2 is a PHP and SQL based approach to Vexim open source. Multiple email domains can be hosted using Exim. A security vulnerability exists in Virtual Exim 2 that stems from the presence of unknown processing that manipulates to cause cross-site scripting...
PHP 缓冲区错误漏洞
PHP is a scripting language that executes on the server side. A buffer error vulnerability exists in versions prior to PHP 8.1.12, which stems from the fact that an attacker can force an invalid memory address to be read via imageloadfont in order to trigger a denial of service or obtain sensitiv...
Online Pet Shop We App 代码问题漏洞
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A security vulnerability exists in Online Pet Shop We App v1.0, which originates from an arbitrary file upload vulnerability via the Edit function in the Product Listing module, which allows an...
Wedding Hall Booking System 跨站脚本漏洞
Wedding Hall Booking System is a simple PHP-titled wedding hall booking system by the individual developer Carlo Montero. Wedding Hall Booking System suffers from a cross-site scripting vulnerability that stems from the manipulation of the parameter Message by an unknown function in the Contect...
PT-2022-3952 · Unknown · Ossn Open Source Social Network
Name of the Vulnerable Software and Affected Versions: Open Source Social Network version 6.3 LTS Description: The issue is related to an arbitrary file upload vulnerability in the /ossn/administrator/com installer component. This vulnerability allows attackers to execute arbitrary code via a...