7 matches found
CVE-2020-13562
CVE-2020-13562 – phpGACL 3.3.7 XSS vulnerabilities. Multiple cross‑site scripting flaws exist in the template rendering paths of phpGACL 3.3.7, enabling arbitrary JavaScript execution via unescaped user input in template parameters (e.g., action, group_id, acl_id). Documented vectors include admin/a...
CVE-2020-13567
CVE-2020-13567 concerns the phpGACL 3.3.7 library, which contains multiple SQL injection vulnerabilities. The flaws arise from unsanitized input being concatenated into SQL queries across the code paths in phpGACL (notably in admin/edit_group.php and related group handling functions), enabling at...
CVE-2020-13563
CVE-2020-13563 covers multiple XSS vulnerabilities in phpGACL 3.3.7 templates. The Red Hat, NVD, OSV, CVE.org and TALOS entries describe XSS via unsanitized Smarty template variables such as group_id, acl_id and action, leading to arbitrary JavaScript execution when crafting specific HTTP request...
CVE-2020-13565
CVE-2020-13565 affects phpGACL 3.3.7, OpenEMR 5.0.2, and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). The vulnerability is an open redirect in the return_page redirection functionality. A specially crafted HTTP request can cause redirects to an arbitrary UR...
CVE-2020-13564
CVE-2020-13564 is a set of cross-site scripting vulnerabilities in phpGACL 3.3.7’s template rendering. The Red Hat, NVD, OSV, PRION, and TALOS records describe XSS via template parameters such as acl_id, action, group_id, and related template variables (e.g., smarty variables in acl_admin.tpl and...
CVE-2020-13566
CVE-2020-13566 affects phpGACL 3.3.7. The vulnerability is a SQL injection in admin/edit_group.php when action=Delete and the delete_group parameter is supplied, enabling crafted HTTP requests to inject SQL. Documents confirm affected software, the vulnerable component/file, and the underlying ca...
CVE-2020-13568
CVE-2020-13568 affects phpGACL 3.3.7. A SQL injection exists in admin/edit_group.php triggered by a crafted HTTP request where action is “Submit” and the POST parameter parent_id leads to injection. Multiple connected sources (e.g., PT-2021-9641, OSV/NVD/NASL lines) reiterate the same vulnerabili...