149 matches found
PT-2026-36744
Name of the Vulnerable Software and Affected Versions: Gym Management System In PHP and Windows NT 1.0 affected versions not specified. Description: A remote SQL injection can be triggered through the manipulation of the day argument in the '/index.php' endpoint. SQL injection is a type of flaw that...
WWBN AVideo Authorization Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an authorization vulnerability. This vulnerability stemmed from the standAloneFiles/control.json.php endpoint, which allowed users to control the streamerURL...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a code vulnerability. It stemmed from the isSSRFSafeURL function, whose check could be bypassed using IPv4-mapped IPv6 addresses. This could lead to...
EUVD-2023-2010
Malicious code in bioql PyPI...
BIT-LIBPHP-2023-3823 Security issue with external entity loading in XML without enabling it
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
OS Command Exec, Unix Command Shell, Reverse TCP (via netcat -e)
Execute an OS command from PHP. Creates an interactive shell via netcat Module Options msf use payload/php/unix/cmd/reversenetcatgaping msf payloadreversenetcatgaping show actions ...actions... msf payloadreversenetcatgaping set ACTION msf payloadreversenetcatgaping show options ...show and set...
OS Command Exec, Unix Command Shell, Bind TCP (via netcat -e)
Execute an OS command from PHP. Listen for a connection and spawn a command shell via netcat Module Options msf use payload/php/unix/cmd/bindnetcatgaping msf payloadbindnetcatgaping show actions ...actions... msf payloadbindnetcatgaping set ACTION msf payloadbindnetcatgaping show options ...show...
The vulnerability of the PHP platform pimcore, related to the lack of measures taken to protect the structure of web pages, allows attackers to perform cross-site scripting attacks.
The vulnerability of the PHP platform pimcore is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
WWBN AVideo SQL Injection Vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A SQL injection vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to perform SQL injection via a specially crafted HTTP request...
s-cart Cross-Site Scripting Vulnerability
s-cart is a PHP-based e-commerce management platform from the s-cart community. s-cart versions prior to 6.9 contain a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side, which can steal cookies from any victim who accesses the...
CVE-2022-26254
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names...
Elite Graphix Elite Cms SQL Injection Vulnerability
Elite Graphix Elite Cms is a web content management system written in PHP by Elite Graphix India, a platform for storing and organizing information and documents. Elite Graphix Elite Cms suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL...
Lightweight Facebook-Styled Blog Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...
Command Execution Vulnerability in PHP Simple Auto Card Issuing Platform Personal Edition
PHP Simple Auto Card Issuing Platform Personal Edition is an automatic card-issuing payment platform developed with PHP and MySQL. The platform backend has an arbitrary configuration-file write vulnerability that leads to command execution. PHP Simple Automatic Card Issuance Platform...
XSS Vulnerability in Tiantian Group Buying System
Tiantian Group Buying System is an open-source PHP group-buying program and o2o e-commerce system with five access channels: PC web, Android client, iPhone client, WeChat and mobile WAP. The Tiantian Group Buying System has an XSS vulnerability, attacke...
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin) Vulnerability
Exploit for php platform in category web applications...
Part-DB 0.4 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications...
Tebilisim Remote File Read Vulnerability
Exploit for php platform in category web applications. This is a private exploit. You can buy it at https://0day.today...
Newsbull Haber Script 1.0.0 - search SQL Injection Vulnerability
Exploit for php platform in category web applications...