710 matches found
Pluck trust management issue vulnerability
Pluck is a content management system (CMS) developed using the PHP language. An access control error vulnerability exists in Pluck-CMS Pluck; it stems from missing SSL certificate validation in updateapplet.php, which could lead to a man-in-the-middle attack. No details of the...
WordPress SpiderCatalog plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress SpiderCatalog plugin 1.7.3 and earlier versions, which stems...
php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating a URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept a URL with an invalid password as a valid URL. This may lead to functions that rely on the URL being valid to mis-parse the URL and produce wrong dat...
CVE-2021-42077
PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/usermanager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be...
WordPress plugin security vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. WordPress Squaretype has a security vulnerabili...
CVE-2021-42665
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication...
WordPress Mangboard plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Mangboard plugin has a SQL injection vulnerability, which originates from the lack of validation of externally supplied SQL statements in order parameters, and can be used by attackers to...
DEBIAN-CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var function with the FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...
OneNav security vulnerability
OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in OneNav 0.9.12 which allows information disclosure of onenav.db3 content...
Magento Commerce code issue vulnerability
Magento is an open source e-commerce platform written in PHP by Adobe. Adobe Magento is vulnerable to improper input validation. An attacker can exploit this vulnerability to execute arbitrary code...
WordPress The Event Geek plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. The Event Geek plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in...
USN-5027-1 php-pear vulnerability
It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code...
GHSA-H86X-MV66-GR5Q OS Command Injection in Locutus
php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...
PbootCMS Access Control Error Vulnerability
PbootCMS is an open source enterprise website content management system (CMS) developed using the PHP language. The message board of PbootCMS 2.0.6 is vulnerable to an access control error. An attacker can exploit the access control error vulnerability by executing the list parameter in the update...
WordPress Code Injection Vulnerability (CNVD-2021-52418)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. A code injection vulnerability exists in the WordPress...
Logic flaw vulnerability in PHPOK of Shenzhen Kunshuo Technology Co. Ltd (CNVD-2021-51497)
PHPOK is a popular enterprise website construction system written in the PHP language with a MySQL database. PHPOK has a logic flaw vulnerability that can be exploited by attackers to gain control of the server...
Dream CMS suffers from SQL injection vulnerability (CNVD-2021-51284)
Dream CMS (lmxcms) is developed using the PHP language and a MySQL database, and adopts the mainstream MVC design model. Dream CMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
UBUNTU-CVE-2021-21704
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...
WordPress race condition issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Autoptimize plugin versions prior to 2.7.8, which allows an...
WordPress FlightLo plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress FlightLo plug...