2 matches found
CVE-2018-11032
PHPRAP 1.0.4–1.0.8 contains a SQL Injection vulnerability in the search() function of application/home/controller/project.php. All sources consistently describe an input-driven SQL injection in the project search path, enabling arbitrary SQL execution via malicious input. The affected component i...
CVE-2018-11031
PHPRAP 1.0.4–1.0.8 is affected by a server-side request forgery (SSRF) in the file application/home/controller/debug.php, exploitable via the /debug URI. The issue is triggered by crafted input such as api[url]=file:////etc/passwd and api[method]=get in a POST request, enabling an attacker to ind...