PHPGurukul Complaint Management System 安全漏洞

Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search parameter of user-search.php, which can be exploited to...

GHSA-529Q-4J3P-7C5R algoliasearch-helper is vulnerable to Prototype Pollution in _merge()

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...

PvPGN Stats SQL Injection Vulnerability

PvPGN Stats is a PHP-based tool that supports the integration of websites with the PvPGN game server, displaying server status, ladder pages, and more. A SQL injection vulnerability exists in the ladder/stats.php file in PvPGN Stats version 2.4.6, which stems from the program not filtering databa...

CVE-2017-18287

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST usersearch parameter...

CVE-2017-12777

Cross-Site Scripting XSS exists in NexusPHP version v1.5 via some parameter to usersearch.php...