60 matches found

Cvelist
added 2023/12/21 4:23 p.m. · 10 views

CVE-2023-45121 Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 8.8 · AI score 10 · EPSS 0.00129
Exploits: 1 · References: 2

OSV
added 2023/12/21 4:15 p.m. · 1 view

CVE-2023-45117

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2023/12/21 4:15 p.m. · 0 views

CVE-2023-45118

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 8.8 · AI score 5.8 · EPSS 0.00117
Exploits: 1 · References: 2

Positive Technologies
added 2023/12/21 12:0 a.m. · 5 views

PT-2023-29422 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the right parameter of the "update.php" resource does not validate the characters received and they are...

AI score 8.1
Exploits: 0 · References: 4

CNNVD
added 2023/12/21 12:0 a.m. · 2 views

Projectworlds Online Examination System SQL Injection Vulnerability

Projectworlds Online Examination System is an online examination system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Online Examination System v1.0, which stems from the "fdid" parameter of update.php that does not validate received characters and is sent to the...

CVSS 8.8 · AI score 7.9 · EPSS 0.00117
Exploits: 1 · References: 3

CNNVD
added 2023/12/21 12:0 a.m. · 1 view

Projectworlds Online Examination System SQL Injection Vulnerability

Projectworlds Online Examination System is an online examination system from Projectworlds India. Projectworlds Online Examination System v1.0 suffers from a SQL injection vulnerability, which stems from the "ch" parameter of update.php not validating received characters and sending them to the...

CVSS 8.8 · AI score 7.9 · EPSS 0.00117
Exploits: 1 · References: 3

OSV
added 2023/11/30 2:15 p.m. · 3 views

CVE-2023-6417

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all th...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

Amazon
added 2023/09/13 12:0 a.m. · 3 views

Important: php

Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...

CVSS 9.8 · AI score 7.1 · EPSS 0.31766
Exploits: 4

Amazon
added 2023/09/13 12:0 a.m. · 2 views

Important: php

Issue Overview: A vulnerability was found in PHP due to an uninitialized array in the pg_query_params function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw...

CVSS 8.8 · AI score 8.7 · EPSS 0.1024
Exploits: 3

Amazon
added 2023/09/13 12:0 a.m. · 2 views

Important: php

Issue Overview: In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead ...

CVSS 9.8 · AI score 8 · EPSS 0.014
Exploits: 4

OSV
added 2023/05/09 1:15 p.m. · 2 views

CVE-2023-2596

A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The manipulation of the argument...

CVSS 9.8 · AI score 6.6
Exploits: 0 · References: 3

ATTACKERKB
added 2022/08/02 3:15 a.m. · 2 views

CVE-2022-35422

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php...

CVSS 9.8 · AI score 7.4 · EPSS 0.00264
Exploits: 1 · References: 2

ATTACKERKB
added 2022/07/12 2:15 p.m. · 0 views

CVE-2022-31904

EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component OnlineUpdate.php...

CVSS 6.1 · AI score 5 · EPSS 0.0066
Exploits: 0 · References: 4

OSV
added 2022/07/12 2:15 p.m. · 1 view

CVE-2022-31904

EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component OnlineUpdate.php...

CVSS 6.1 · AI score 5.7 · EPSS 0.0066
Exploits: 0 · References: 3

OSV
added 2021/01/13 6:15 p.m. · 2 views

CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

CVSS 9.8 · AI score 7.7
Exploits: 0 · References: 1

Positive Technologies
added 2021/01/13 12:0 a.m. · 3 views

PT-2021-10922 · Unknown · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin versions 4.x through 6.x Description: An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php...

CVSS 9.8 · AI score 9.6 · EPSS 0.11196
Exploits: 1 · References: 8

Positive Technologies
added 2019/07/23 12:0 a.m. · 2 views

PT-2019-9617 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo_mobile_content_head parameter, also known as the "mobile board head contents" parameter, in the adm/board_form_update.p...

CVSS 6.1 · AI score 6.5 · EPSS 0.00363
Exploits: 0 · References: 8

Fedora
added 2015/06/06 12:4 a.m. · 24 views

[SECURITY] Fedora 22 Update: php-symfony-2.5.12-1.fc22

PHP framework for web projects...

CVSS 4.3 · AI score 1.5 · EPSS 0.76192
Exploits: 0

CERT
added 2013/06/07 12:0 a.m. · 172 views

Parallels Plesk Panel phppath/php vulnerability

Overview Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. Description Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been...

CVSS 9.8 · AI score 10 · EPSS 0.94363
Exploits: 41 · References: 8

Tenable Nessus
added 2000/10/14 12:0 a.m. · 36 views

PHP Error Log Format String Command Injection

The version of PHP that is running on the remote host is older than 3.0.17 or 4.0.3. If the option 'log_errors' is set to 'On' in php.ini, then an attacker may execute arbitrary code on this host...

CVSS 10 · AI score 6.3 · EPSS 0.26914
Exploits: 1 · References: 1