266 matches found
KLiK SocialMediaWebsite Code Issue Vulnerability
KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A code issue vulnerability exists in version 1.0 of KLiK SocialMediaWebsite, which stems from the File Handler component's manipulation of the function uniqid in the file upload.inc.php,...
EUVD-2025-6166
Malicious code in bioql PyPI...
EUVD-2025-6167
Malicious code in bioql PyPI...
traQ Log Information Disclosure Vulnerability
traQ is a PHP-based project management and issue tracking system by the individual developer Jack Polgar. A log information disclosure vulnerability exists in versions of traQ prior to 3.25.0, which stems from recording sensitive information in SQL error logs, which could lead to information...
CVE-2025-5370
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-47937
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend...
Projeqtor Code Issue Vulnerability
Projeqtor is an open source PHP-based project management software from the Projeqtor community. The software is used to organize various functions required for multiple projects and is suitable for IT projects. A code issue vulnerability exists in Projeqtor 12.0.2 and earlier versions, which stem...
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3...
CVE-2025-27411
CVE-2025-27411 concerns REDAXO, a PHP-based CMS. The vulnerability is in the mediapool/media page prior to version 5.18.3, where insufficient validation allows an arbitrary file upload. Documents consistently state that this could enable uploading and potentially executing malicious files, enabli...
CVE-2024-51430
Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component...
Exploit for CVE-2024-9441
CVE-2024-9441 Description of the Vulnerability: This code exp...
Code-Projects Job Portal SQL Injection Vulnerability
Code-Projects Job Portal is an open source PHP-based job search website system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Job Portal version 1.0, which originates from a SQL injection vulnerability in the email/mobile parameter of the /forget.php page...
Bolt CMS Cross-Site Scripting Vulnerability (CNVD-2024-35158)
Bolt CMS is an open source PHP-based content management system. A cross-site scripting vulnerability exists in Bolt CMS version 3.7.1, which stems from the parameter textarea in the file /bolt/editcontent/showcases that causes cross-site scripting. No details of the vulnerabili...
Bolt CMS Cross-Site Scripting Vulnerability (CNVD-2024-35159)
Bolt CMS is an open source PHP-based content management system. A cross-site scripting vulnerability exists in Bolt CMS version 3.7.1, which stems from the parameter body in the file /preview/page and can lead to cross-site scripting. No detailed vulnerability details are currently...
Number Withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2024-12211)
CSZ CMS is a PHP-based open source content management system (CMS). A cross-site scripting vulnerability exists in CSZ CMS version 1.3.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Site Name field, and can be exploited by an attacker to execute...
TinyTurla-NG in-depth tooling and command and control analysis
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed...
Cups Easy cross-site scripting vulnerability (CNVD-2024-12238)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/taxstructurecreate.php page. An attacker...
Cups Easy cross-site scripting vulnerability (CNVD-2024-12208)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the batchno parameter on the /cupseasylive/stockissuancelinecreate.php page. An attacke...
Cups Easy cross-site scripting vulnerability (CNVD-2024-11129)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the countryid parameter on the /cupseasylive/countrymodify.php page. An attacker could...