710 matches found
WordPress Weaver Xtreme Theme Support plugin cross-site scripting vulnerability (CNVD-2024-26460)
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
The vulnerability of the PHP programming language interpreter arises from the lack of measures taken to eliminate special elements used in operating system commands, allowing attackers to execute arbitrary code.
The vulnerability of the PHP programming language interpreter exists because measures to neutralize the special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP...
OESA-2024-1656 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OESA-2024-1592 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
The vulnerability of the PHP programming language interpreter, related to incorrect handling of cookie files, allows attackers to intercept sessions and gain unauthorized access to protected information.
The vulnerability of the PHP programming language interpreter relates to the incorrect processing of cookie files, resulting from replacing spaces, periods, and open parentheses with underscores. Exploiting this vulnerability can allow an attacker to intercept sessions and gain unauthorized acces...
PT-2024-40313 · Unknown · Adodb Library For Php
Name of the Vulnerable Software and Affected Versions: ADOdb Library for PHP versions prior to 5.20.11 Description: The issue is related to SQL Injection in multiple drivers of the ADOdb Library for PHP. Recommendations: For versions prior to 5.20.11, update to version 5.20.11 or later to resolve...
VulnCheck KEV: CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...
AZL-40068 CVE-2024-3096 affecting package php for versions less than 8.1.28-1
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true...
WordPress Plugin RegistrationMagic security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress...
Number withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
FreeBSD : Composer -- Code execution and possible privilege escalation (33ba2241-c68e-11ee-9ef3-001999f8d30b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 33ba2241-c68e-11ee-9ef3-001999f8d30b advisory. - Composer is a dependency Manager for the PHP language. In affected versions several files within the...
WordPress plugin Dokan code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
Number withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. This CVE number has been withdrawn...
php: 1-byte array overrun in common path resolve code
A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte too small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which...
Drupal Security Vulnerabilities
Drupal is an open source content management system developed by the Drupal community using the PHP language. A security vulnerability exists in Drupal. An attacker exploiting the vulnerability could obtain sensitive information and elevate privileges...
Hospital Management System SQL Injection Vulnerability (CNVD-2023-64629)
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
DEBIAN-CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...
UBUNTU-CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
Number withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. This CVE number has been withdrawn...
CVE-2023-34486
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box...