Phpgacl Project / Phpgacl

7 matches found

added 2021/02/01 3:5 p.m., 76 views

CVE-2020-13562

CVE-2020-13562 – phpGACL 3.3.7 XSS vulnerabilities. Multiple cross‑site scripting flaws exist in the template rendering paths of phpGACL 3.3.7, enabling arbitrary JavaScript execution via unescaped user input in template actions (e.g., action, group_id, acl_id). Documented vectors include admin/a...

CVSS 9.6 | AI score 6 | EPSS 0.77745
added 2022/04/18 4:15 p.m., 59 views

CVE-2020-13567

CVE-2020-13567 concerns the phpGACL 3.3.7 library, which contains multiple SQL injection vulnerabilities. The flaws arise from unsanitized input being concatenated into SQL queries across the code paths in phpGACL (notably in admin/edit_group.php and related group handling functions), enabling at...

CVSS 9.8 | AI score 9.9 | EPSS 0.02337
added 2021/02/01 3:6 p.m., 56 views

CVE-2020-13563

CVE-2020-13563 covers multiple XSS vulnerabilities in phpGACL 3.3.7 templates. The Red Hat, NVD, OSV, CVE.org and TALOS entries describe XSS via unsanitized Smarty template variables such as group_id, acl_id and action, leading to arbitrary JavaScript execution when crafting specific HTTP request...

CVSS 9.6 | AI score 6 | EPSS 0.75856
added 2021/02/10 7:55 p.m., 56 views

CVE-2020-13565

CVE-2020-13565 affects phpGACL 3.3.7, OpenEMR 5.0.2, and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). The vulnerability is an open redirect in the return_page redirection functionality. A specially crafted HTTP request can cause redirects to an arbitrary UR...

CVSS 6.1 | AI score 6.1 | EPSS 0.01879
added 2021/02/01 3:7 p.m., 51 views

CVE-2020-13564

CVE-2020-13564 is a set of cross-site scripting vulnerabilities in phpGACL 3.3.7’s template rendering. The Red Hat, NVD, OSV, PRION, and TALOS records describe XSS via template parameters such as acl_id, action, group_id, and related template variables (e.g., smarty variables in acl_admin.tpl and...

CVSS 9.6 | AI score 6 | EPSS 0.75856
added 2021/04/13 2:59 p.m., 51 views

CVE-2020-13566

CVE-2020-13566 affects phpGACL 3.3.7. The vulnerability is a SQL injection in admin/edit_group.php when action=Delete and the delete_group parameter is supplied, enabling crafted HTTP requests to inject SQL. Documents confirm affected software, the vulnerable component/file, and the underlying ca...

CVSS 8.8 | AI score 9.1 | EPSS 0.01576
Web
added 2021/04/13 3:0 p.m., 50 views

CVE-2020-13568

CVE-2020-13568 affects phpGACL 3.3.7. A SQL injection exists in admin/edit_group.php triggered by a crafted HTTP request where action is “Submit” and the POST parameter parent_id leads to injection. Multiple connected sources (e.g., PT-2021-9641, OSV/NVD/NASL lines) reiterate the same vulnerabili...

CVSS 8.8 | AI score 8.9 | EPSS 0.29683
Web