7 matches found
SQL Injection
A vulnerability was found in mrtnmtth joomlamodeinsatzstats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to SQL injection. Upgrading to version 0.3 addresses this issue. The...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in the user-supplied input for field.class.php and helper.php which allows a remote attacker to inject and execute malicious JavaScript into the system...
Improper Authentication
moodle is vulnerable to improper authentication. The vulnerability exists in the logoutdbsession function in helper.php, where a session hijack risk was identified in the shibboleth authentication plugin: sessions weren't killed after the user logged out...
Server-Side Template Injection
nystudio107/craft-seomatic is vulnerable to server-side template injection. The vulnerability exists due to the lack of sanitization used for the url parameter in the safeCanonicalUrl function of Helper.php, allowing an attacker to inject and execute malicious code...
CVE-2022-27055
CVE-2022-27055 affects ecjia-daojia 1.38.1-20210202629. The issue is information leakage through content/apps/installer/classes/Helper.php: on installation, a new environment file is created that records database credentials (including the DB password). The vendor disputes that risk, noting the e...
PT-2022-18197 · Unknown · Ecjia-Daojia
Name of the Vulnerable Software and Affected Versions: ecjia-daojia version 1.38.1-20210202629 Description: The issue concerns information leakage via the content/apps/installer/classes/Helper.php file. When the web program is installed, a new environment file is created, recording database...
Joomla 3.2.1 /helper.php SQL Injection Vulnerability
No description provided by source...