Advisories archive Searching 27639 links categorized as php vuln/adviso since 2003-04-07 Search : Search in all sources Disable validation filter
27639 results found, please narrow your search...CVE-2022-36635 | ZKTeco ZKBiosecurity 4.1.2 /baseOpLog.do opTimeBegin/opTimeEnd sql injectionCVE-2022-40315 | Moodle Administration Page sql injectionCVE-2022-40314 | Moodle 1.9 Backup File Privilege EscalationCVE-2021-36855 | Booking Ultra Pro Plugin up to 1.1.4 on WordPress cross-site request forgeryCVE-2021-36854 | Booking Ultra Pro Plugin up to 1.1.4 on WordPress cross-site request forgeryCVE-2022-35156 | Bus Pass Management System 1.0 download-pass.php searchdata sql injection (ID 168555)CVE-2022-41440 | Billing System Project 1.0 editcategory.php id sql injectionCVE-2022-41439 | Billing System Project 1.0 edituser.php id sql injectionCVE-2022-41437 | Billing System Project 1.0 createProduct.php Privilege EscalationCVE-2022-40313 | Moodle Mustache Template Helper cross site scriptingWooCommerce BRW Booking Rental 1.3.1 Cross Site ScriptingGuppY CMS 6.00.10 Shell UploadJoomla jMarket 5.15 Cross Site ScriptingJoomla JS Jobs Pro 1.3.6 SQL InjectionCVE-2022-31628 | PHP up to 7.4.30/8.0.23/8.1.10 phar Uncompression infinite loop (ID 81726)CVE-2020-35675 | BigProf Online Invoicing System up to 2.x Member pageTransferOwnership.php cross-site request forgeryCVE-2020-35674 | BigProf Online Invoicing System up to 2.8 membership_passwordReset.php sql injectionCVE-2021-43403 | FusionPBX up to 4.5.29 Log View Page log_viewer.php information disclosureCVE-2021-40691 | Moodle Shibboleth Authentication Plugin Privilege EscalationJoomla EDocman 1.23.3 Cross Site ScriptingJoomla AdsManager 3.2.0 SQL InjectionSQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.CVE-2022-38335 | Vtiger CRM 7.4.0 E-Mail Template cross site scriptingCVE-2022-30935 | b2evolution up to 7.2.3 Password Reset Token authorization (ID 114)WordPress Sabai Discuss 1.4.13 Cross Site ScriptingEShop Joomla Shopping-Cart 3.6.0 Cross Site ScriptingWordPress Motopress Hotel Booking Lite 4.4.2 Cross Site ScriptingA stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.CVE-2022-40485 | Wedding Planner 1.0 /package_detail.php id sql injectionCVE-2022-40484 | Wedding Planner 1.0 /admin/client_edit.php booking sql injectionCVE-2022-40483 | Wedding Planner 1.0 /wedding_details.php id sql injectionCVE-2022-3137 | TaskBuilder up to 1.0.7 on WordPress SVG File Upload admin.php file cross site scriptingCVE-2022-41343 | Dompdf up to 2.0.0 Font Registration FontMetrics.php registerFont file inclusion (ID 2994)The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allowThe Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacksCVE-2022-1613 | Restricted Site Access Plugin up to 7.3.1 on WordPress HTTP Header REMOTE_ADDR authorizationCVE-2022-3025 | Bitcoin Altcoin Faucet Plugin up to 1.6.0 on WordPress Setting cross site scriptingCVE-2022-3024 | Simple Bitcoin Faucets Plugin up to 1.7.0 on WordPress AJAX Action cross site scriptingCVE-2022-3135 | SEO Smart Links Plugin up to 3.0.1 on WordPress Setting cross site scriptingCVE-2022-3119 | OAuth Client Single Sign On Plugin up to 3.0.3 on WordPress Setting improper authenticationCVE-2022-3098 | Login Block IPs Plugin up to 1.0.0 on WordPress Setting cross-site request forgeryCVE-2022-3074 | Slider Hero Plugin up to 8.4.3 on WordPress Slider Name cross site scriptingWordPress WP-UserOnline 2.88.0 Cross Site ScriptingCVE-2022-40215 | Biplob Adhikari Tabs Plugin up to 3.7.1 on WordPress cross site scriptingCVE-2022-36340 | MailOptin Plugin up to 1.2.49.0 on WordPress Optin Campaign Cache authorizationCVE-2022-38470 | Customer Reviews for WooCommerce Plugin up to 5.3.5 on WordPress cross-site request forgeryCVE-2022-38134 | Customer Reviews for WooCommerce Plugin up to 5.3.5 on WordPress access controlCVE-2022-40359 | kfm up to 1.4.7 GET Request /kfm/index.php cross site scriptingCVE-2022-40194 | Customer Reviews for WooCommerce Plugin up to 5.3.5 on WordPress information disclosureCVE-2022-40932 | Zoo Management System 1.0 Gallery Module unrestricted uploadCVE-2022-40088 | Simple College Website 1.0 index.php page cross site scriptingVDB-209370 | Zephyr Project Manager up to 3.2.4 on WordPress REST Call /v1/tasks/create/ onanimationstart cross site scriptingCVE-2022-40193 | Awesome Filterable Portfolio Plugin up to 1.9.7 on WordPress cross site scriptingCVE-2022-38703 | Max Foundry MaxButtons Plugin up to 9.2 on WordPress cross site scriptingCVE-2022-38460 | Notice Board Plugin up to 1.1 on WordPress cross site scriptingCVE-2022-38085 | Read More by Adam Plugin up to 1.1.8 on WordPress cross-site request forgeryCVE-2022-37342 | Add Shortcodes Actions and Filters Plugin up to 2.0.9 on WordPress cross site scriptingCVE-2022-37339 | Fullworks Meet My Team Plugin up to 2.0.5 on WordPress cross site scriptingCVE-2022-37338 | Blossom Recipe Maker Plugin up to 1.0.7 on WordPress cross site scriptingCVE-2022-37330 | WHA Crossword Plugin up to 1.1.10 on WordPress cross site scriptingCVE-2022-37328 | Themes Awesome History Timeline Plugin up to 1.0.5 on WordPress cross site scriptingCVE-2022-40029 | SourceCodester Simple Task Managing System 1.0 newProjectValidation.php shortName cross site scriptingCVE-2022-40028 | SourceCodester Simple Task Managing System 1.0 newProjectValidation.php fullName cross site scriptingCVE-2022-40027 | SourceCodester Simple Task Managing System 1.0 newTask.php shortName cross site scriptingCVE-2022-40030 | SourceCodester Simple Task Managing System 1.0 changeStatus.php bookId sql injectionCVE-2022-40026 | SourceCodester Simple Task Managing System 1.0 board.php board bookId sql injectionCVE-2022-38073 | Awesome Support Plugin up to 6.0.7 on WordPress cross site scriptingCVE-2022-36390 | Totalsoft Event Calendar Plugin up to 1.4.6 on WordPress cross site scriptingCVE-2022-36383 | WHA World Search Puzzles Game Plugin up to 2.0.1 on WordPress cross site scriptingCVE-2022-36365 | WHA Crossword Plugin up to 1.1.10 on WordPress cross site scriptingCVE-2022-40219 | SedLex FavIcon Switcher Plugin up to 1.2.11 on WordPress Setting cross-site request forgeryThe Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin'sThe WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attackCVE-2022-40443 | ZZCMS 2022 GET Request /one/siteinfo.php path traversalCVE-2022-40447 | ZZCMS 2022 /admin/baojia_list.php keyword sql injectionCVE-2022-40446 | ZZCMS 2022 sendmailto.php sql injectionCVE-2022-40444 | ZZCMS 2022 /admin/index.PHP information disclosureCVE-2022-40935 | oretnom23 Online Pet Shop We App 1.0 Master.php id sql injectionCVE-2022-40934 | oretnom23 Online Pet Shop We App 1.0 Master.php id sql injectionCVE-2022-40933 | oretnom23 Online Pet Shop We App 1.0 Master.php id sql injectionCVE-2022-40357 | Z-BlogPHP up to 1.7.2 action_crawler.php source server-side request forgery (ID 336)Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name fieldA Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.CVE-2022-38509 | Wedding Planner 1.0 /admin/budget.php booking_id sql injectionCVE-2022-38576 | janobe Interview Management System 1.0 delete.php id sql injectionCVE-2022-28204 | MediaWiki 1.37.0/1.37.1 index.php denial of service (T297754)CVE-2022-28203 | MediaWiki up to 1.35.5/1.36.3/1.37.1 Special:NewFiles denial of serviceWordPress GetYourGuide Ticketing 1.0.1 Cross Site ScriptingCVE-2022-35196 | TestLink 1.9.20 /lib/plan/planView.php cross-site request forgeryCVE-2022-3142 | NEX-Forms Plugin up to 7.9.6 on WordPress sql injectionCVE-2022-2753 | Ketchup Restaurant Reservations Plugin up to 1.0.0 on WordPress cross site scriptingCVE-2022-2710 | Scroll to Top Plugin up to 1.4.0 on WordPress Setting cross site scriptingCVE-2022-2709 | Float to Top Button Plugin up to 2.3.6 on WordPress Setting cross site scriptingCVE-2022-2567 | Form Builder CP Plugin up to 1.2.31 on WordPress Setting cross site scriptingCVE-2022-1591 | Ping Optimizer Plugin prior 2.35.1.3.0 on WordPress Setting cross-site request forgeryCVE-2022-3141 | Translate Multilingual Sites Plugin up to 2.3.2 on WordPress Settings Page sql injectionCVE-2022-2958 | BadgeOS Plugin prior 3.7.1.3 on WordPress SQL Statement sql injectionCVE-2022-2754 | Ketchup Restaurant Reservations Plugin up to 1.0.0 on WordPress SQL Statement sql injectionCVE-2022-36536 | Super Flexible Software Syncovery 9 up to 9.47x on Linux Session Token post_applogin.php access control
