2595 matches found

OSV
added 2024/06/06 10:15 p.m. · 15 views

CVE-2024-36774

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.2 CVSS · 7.8 AI score
Exploits 0 · References 1

Cvelist
added 2024/06/06 9:33 p.m. · 22 views

CVE-2024-36774

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...

0.00722 EPSS
Exploits 1 · References 1

OSV
added 2024/06/06 11:15 a.m. · 2 views

CVE-2024-5673

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fmcurrentdir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 1

NVD
added 2024/06/06 11:15 a.m. · 18 views

CVE-2024-5673

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fmcurrentdir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

6.1 CVSS · 5.9 AI score · 0.00254 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/06/06 10:19 a.m. · 13 views

CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fmcurrentdir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

6.1 CVSS · 5.9 AI score · 0.00254 EPSS
Exploits 0 · References 1

Cvelist
added 2024/06/06 10:19 a.m. · 18 views

CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fmcurrentdir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

6.1 CVSS · 5.9 AI score · 0.00254 EPSS
Exploits 0 · References 1

CNNVD
added 2024/06/06 12:0 a.m. · 4 views

PHP File Manager security vulnerability

PHP File Manager is a complete file system management tool from the individual developers at Dulldusk. A security vulnerability exists in PHP File Manager version 1.7.8, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to hijack a browser session b...

6.1 CVSS · 5.7 AI score · 0.00254 EPSS
Exploits 0 · References 2

OSV
added 2024/06/04 10:15 p.m. · 2 views

CVE-2024-5635

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely...

9.8 CVSS · 5.7 AI score
Exploits 0 · References 4

OSV
added 2024/06/04 2:15 p.m. · 1 views

CVE-2024-34551

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion. This issue affects Stockholm: from n/a through 9.6...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2024/06/04 2:15 p.m. · 1 views

CVE-2024-34554

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion. This issue affects Stockholm Core: from n/a through 2.4.1...

8.8 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 0 · References 1

Cvelist
added 2024/05/25 2:31 p.m. · 21 views

CVE-2024-5336 Ruijie RG-UAC vlan_add_commit.php addVlan os command injection

A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os command injection. The attack can be initiated...

5.8 CVSS · 5.3 AI score · 0.0905 EPSS
Exploits 0 · References 4

OSV
added 2024/05/20 6:43 p.m. · 18 views

GHSA-F98P-2HC5-FM7V AVideo cross-site scripting vulnerability in the view/about.php page

The PHP file view/about.php is vulnerable to an XSS issue due to no sanitization of the user agent. At line 53, the website gets the user-agent from the headers through $_SERVER['HTTP_USER_AGENT'] and echoes it without any sanitization. In PHP, echo a user generated statement, here the User-Agent Header...

6.1 CVSS · 5.2 AI score · 0.00456 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/05/17 12:0 a.m. · 4 views

PT-2024-12725 · Unknown · Averta Phlox Portfolio

Name of the Vulnerable Software and Affected Versions: Averta Phlox Portfolio versions prior to 2.3.1 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion. This means that an...

8.6 CVSS · 9.4 AI score · 0.006 EPSS
Exploits 0 · References 4

OSV
added 2024/05/14 3:44 p.m. · 2 views

CVE-2024-4720

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approvepettycash.php. The manipulation of the argument adminindex leads to cross site scripting. The...

6.1 CVSS · 3.6 AI score · 0.00657 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/05/13 12:0 a.m. · 2 views

PT-2024-33006 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC versions prior to 20240507 Description: A critical vulnerability exists in Ruijie RG-UAC. The issue affects an unknown functionality within the file /view/bugSolve/viewData/detail.php. Manipulation of the filename argument leads...

9.8 CVSS · 7.5 AI score · 0.06414 EPSS
Exploits 0 · References 7

Debian
added 2024/05/08 9:49 p.m. · 85 views

[SECURITY] [DSA 5685-1] wordpress security update

Debian Security Advisory DSA-5685-1 [email protected] https://www.debian.org/security/ Markus Koschany May 08, 2024 https://www.debian.org/security/faq -...

8.8 CVSS · 6.6 AI score · 0.79527 EPSS
Exploits13

OSV
added 2024/05/01 7:15 p.m. · 3 views

CVE-2023-23019

Cross site scripting XSS vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function useradd....

5.4 CVSS · 5.6 AI score · 0.00308 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/01 12:0 a.m. · 6 views

PT-2024-11981 · Unknown · Sourcecodester Oretnom23 Blog Site

Name of the Vulnerable Software and Affected Versions: sourcecodester oretnom23 Blog Site version 1.0 Description: The issue is related to a cross site scripting XSS vulnerability in the file main.php. This vulnerability can be exploited via the name and email parameters to the user add function...

5.4 CVSS · 5.3 AI score · 0.00308 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/04/29 12:0 a.m. · 4 views

PT-2024-30276 · Hubbank · Hubbank

Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. This is a critical unrestricted file upload vulnerability. Recommendations: For...

9.9 CVSS · 6.5 AI score · 0.00694 EPSS
Exploits 0 · References 7

Vulnrichment
added 2024/04/15 5:47 p.m. · 16 views

CVE-2023-48710 iTop limit pages/exec.php script to PHP files

iTop is an IT service management platform. Files from the env-production folder can be retrieved even though they should have restricted access. Hopefully, there are no sensitive files stored in that folder natively, but there could be from a third-party module. The pages/exec.php script has been...

9.8 CVSS · 6.5 AI score · 0.00719 EPSS
Exploits 0 · References 2