Lucene search

6 matches found

OSV
added 2026/04/22 2:56 p.m. | 1 views

GHSA-MH6W-VXFF-9WQP PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Impact: PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8 CVSS | 6.2 AI score
Exploits 0 | References 5

Snyk
added 2026/04/18 12:59 a.m. | 3 views

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter configuration by injecting newline characters into PHP INI values that are forwarded to child processes. This is only exploitable if t...

8.5 CVSS | 6.3 AI score | 0.00075 EPSS
Exploits 0 | References 3

CNNVD
added 2024/09/22 12:0 a.m. | 3 views

Code-Projects Restaurant Reservation System SQL injection vulnerability

Code-Projects Restaurant Reservation System is an open source restaurant reservation system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Restaurant Reservation System version 1.0, which stems from an incorrect manipulation of the from and to parameters that can lead t...

9.8 CVSS | 7.1 AI score | 0.00097 EPSS
Exploits 1 | References 6

CNNVD
added 2024/05/19 12:0 a.m. | 3 views

Simple Inventory System SQL injection vulnerability

Simple Inventory System is a simple inventory system by argie, an individual developer. SourceCodester Simple Inventory System version 1.0 suffers from a SQL injection vulnerability that stems from the from/to parameter in the file tableedit.php that can lead to SQL injection...

6.5 CVSS | 7 AI score | 0.00059 EPSS
Exploits 1 | References 5

CNNVD
added 2021/08/16 12:0 a.m. | 1 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the SP...

6.1 CVSS | 6.1 AI score | 0.0021 EPSS
Exploits 2 | References 2

OSV
added 2012/09/25 11:55 p.m. | 2 views

DEBIAN-CVE-2012-1293

Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (FEX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters...

4.3 CVSS | 5.8 AI score | 0.0053 EPSS
Exploits 1 | References 1