
26 matches found

CVE
added 2026/05/15 6:36 p.m. · 13 views

CVE-2026-45008

CVE-2026-45008 affects phpMyFAQ up to version 4.1.2 and describes a path traversal vulnerability in the Client::deleteClientFolder function. An admin with INSTANCE_DELETE permission can submit a crafted client URL parameter (for example using sequences like ../../../) to traverse outside the inte...

CVSS 7 · AI score 5.9 · EPSS 0.00266
Exploits 0 · References 2
CNNVD
added 2026/05/15 12:0 a.m. · 8 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual FAQ system developed by Thorsten Rinne. It is entirely database-driven. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in the Client::deleteClientFolder function, which could allow administrators...

CVSS 7 · AI score 5.8 · EPSS 0.00266
Exploits 0 · References 1
OSV
added 2026/05/06 8:47 p.m. · 4 views

GHSA-GH9P-Q46P-57G2 phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary: Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...

CVSS 6.5 · AI score 6 · EPSS 0.00266
Exploits 0 · References 4
Snyk
added 2026/05/06 8:47 p.m. · 6 views

Directory Traversal

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal in the deleteClientFolder process. An attacker can delete arbitrary directories on the server by submitting a crafted URL containing...

CVSS 7 · AI score 6.3 · EPSS 0.00266
Exploits 0 · References 2
Snyk
added 2026/05/06 8:47 p.m. · 9 views

Directory Traversal

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal in the deleteClientFolder process. An attacker can delete arbitrary directories on the server by submitting a crafted URL containing...

CVSS 7 · AI score 6.3 · EPSS 0.00266
Exploits 0 · References 2
GitHub Security Blog
added 2026/05/06 8:47 p.m. · 12 views

phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary: Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...

CVSS 7 · AI score 6 · EPSS 0.00266
Exploits 0 · References 4 · Affected Software 2
CNNVD
added 2026/01/02 12:0 a.m. · 4 views

WordPress plugin WPBookit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 6.5 · AI score 6.3 · EPSS 0.00136
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-46112

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 7.1 · EPSS 0.00726
Exploits 1 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-52346

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.4 · EPSS 0.01026
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 9:19 a.m. · 2 views

CVE-2024-5893

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=deleteclient. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploi...

CVSS 9.8 · AI score 8 · EPSS 0.00544
Exploits 1 · References 1
CNNVD
added 2024/08/12 12:0 a.m. · 3 views

Advocate Office Management System SQL Injection Vulnerability

Advocate Office Management System is an office management system by Mayuri K., a personal developer. A SQL injection vulnerability exists in Advocate Office Management System version 1.0, which is caused by an SQL injection vulnerability in the id parameter of the deleteclient.php file...

CVSS 9.8 · AI score 7 · EPSS 0.00953
Exploits 1 · References 5
OSV
added 2024/06/12 3:15 p.m. · 1 views

CVE-2024-5893

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=deleteclient. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploi...

CVSS 9.8 · AI score 5.7 · EPSS 0.00544
Exploits 1 · References 4
OSV
added 2023/03/09 3:15 p.m. · 2 views

CVE-2023-1292

A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function deleteclient of the file classes/Master.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. T...

CVSS 9.8 · AI score 6.6 · EPSS 0.00763
Exploits 1 · References 3
CNNVD
added 2023/03/09 12:0 a.m. · 4 views

Sales Tracker Management System SQL Injection Vulnerability

Sales Tracker Management System is a sales tracker management system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in SourceCodester Sales Tracker Management System version 1.0, which stems from some security issues in the deleteclient function of the file...

CVSS 9.8 · AI score 7 · EPSS 0.00763
Exploits 1 · References 4
Positive Technologies
added 2023/03/09 12:0 a.m. · 5 views

PT-2023-16866 · Sourcecodester · Sourcecodester Sales Tracker Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Sales Tracker Management System version 1.0. Description: A critical issue has been found in the function delete client of the file classes/Master.php, where the manipulation of the argument id leads to SQL injection. The attack...

CVSS 9.8 · AI score 7 · EPSS 0.00763
Exploits 1 · References 7
OSV
added 2022/11/03 8:15 p.m. · 1 views

CVE-2022-43063

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=deleteclient...

CVSS 7.2 · AI score 5.8 · EPSS 0.00726
Exploits 1 · References 1
Positive Technologies
added 2022/11/03 12:0 a.m. · 2 views

PT-2022-26735 · Unknown · Online Diagnostic Lab Management System

Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Users.php?f=delete client" API endpoint...

CVSS 7.2 · AI score 7 · EPSS 0.00726
Exploits 1 · References 4
ATTACKERKB
added 2022/05/24 2:15 p.m. · 3 views

CVE-2022-30461

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=deleteclient, id...

CVSS 9.8 · AI score 7.4 · EPSS 0.01026
Exploits 1 · References 2
OSV
added 2022/05/24 2:15 p.m. · 3 views

CVE-2022-30461

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=deleteclient, id...

CVSS 9.8 · AI score 7.4 · EPSS 0.01026
Exploits 1 · References 1
CNNVD
added 2022/05/24 12:0 a.m. · 3 views

Water-billing-management-system SQL Injection Vulnerability

Water-billing-management-system is a water billing management system. SQL injection vulnerability exists in Water-billing-management-system v1.0. An attacker can exploit this vulnerability to conduct SQL injection attacks via /wbms/classes/Master.php?f=deleteclient...

CVSS 9.8 · AI score 5.9 · EPSS 0.01026
Exploits 1 · References 2