Advisories archive Searching 27788 links categorized as php vuln/adviso since 2003-04-07 Search : Search in all sources Disable validation filter
27788 results found, please narrow your search...The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers withThe Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.vBulletin 5.5.2 PHP Object InjectionThe Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy ofThe Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email.SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.htmlWordPress BeTheme 26.5.1.4 PHP Object InjectionChurchInfo 1.2.13-1.3.0 Remote Code ExecutionThe WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker havingThe Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, dueThe My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attackThe WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator.A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploitThe reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on tThe reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request ForgeryRemote Code Execution in MODX Revolution V2.8.3-plOver 15,000 WordPress Sites Compromised in Malicious SEO CampaignWordPress Blog2Social 6.9.11 Missing AuthorizationThe Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site ScriptingThe Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsersMKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.Ecommerce CodeIgniter Bootstrap 1.0 Cross Site ScriptingSEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.CVE-2022-3733 | SourceCodester Web-Based Student Clearance System Admin/edit-admin.php id sql injectionHospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.CVE-2022-41996 | ThemeFusion Avada Premium Theme up to 7.8.1 on WordPress Plugin Installation cross-site request forgeryCVE-2022-27912 | Joomla up to 4.2.3 Debug Mode information disclosureCVE-2022-3392 | WP Humans.txt Plugin up to 1.0.6 on WordPress Setting cross site scriptingCVE-2022-3391 | Retain Live Chat Plugin up to 0.1 on WordPress Setting cross site scriptingCVE-2022-3350 | Contact Bank Plugin up to 3.0.30 on WordPress Form Setting cross site scriptingCVE-2022-25849 | joyqi hyper-down Markdown Parser href cross site scripting (SNYK-PHP-JOYQIHYPERDOWN-2953544)CVE-2022-3673 | SourceCodester Sanitization Management System 1.0 Master.php message cross site scriptingCVE-2022-3672 | SourceCodester Sanitization Management System 1.0 SystemSettings.php name/shortname cross site scriptingCVE-2022-3671 | SourceCodester eLearning System 1.0 manage.php id sql injectionCVE-2022-42206 | PHPGurukul Hospital Management System in PHP 4.0 doctor/view-patient.php cross site scriptingCVE-2022-42205 | PHPGurukul Hospital Management System in PHP 4.0 add-patient.php cross site scriptingCVE-2022-41638 | Pop-Up Chop Chop Plugin up to 2.1.7 on WordPress cross site scriptingCVE-2022-40311 | Fatcat Apps Analytics Cat Plugin up to 1.0.9 on WordPress cross site scriptingCVE-2022-31366 | EVE-NG 2.0.3-112 UNL api_labs.php apiImportLabs unrestricted uploadCVE-2022-42021 | Best Student Result Management System 1.0 notice-details.php nid sql injectionA flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addrCVE-2022-42218 | Open Source SACCO Management System 1.0 manage_loan.php sql injectionCVE-2022-3608 | thorsten phpmyfaq up to 3.1.x cross site scriptingCVE-2022-42143 | Open Source SACCO Management System 1.0 manage_payment.php sql injectionCVE-2022-42142 | Online Tours & Travels Management System 1.0 update_settings.php Privilege EscalationCVE-2022-3584 | SourceCodester Canteen Management System 1.0 edituser.php id sql injectionCVE-2022-3583 | SourceCodester Canteen Management System 1.0 login.php business sql injectionCVE-2022-3579 | SourceCodester Cashier Queuing System 1.0 Login Page /queuing/login.php username/password sql injectionWordpress Plugin ImageMagick-Engine 1.7.4 Remote Code Execution (RCE) (Authenticated)CVE-2022-41504 | Billing System Project 1.0 editProductImage.php unrestricted uploadCVE-2022-3149 | WP Custom Cursors Plugin up to 3.0.0 on WordPress cross-site request forgeryCVE-2022-3151 | WP Custom Cursors Plugin up to 3.0.0 on WordPress cross-site request forgeryCVE-2022-3139 | We're Open Plugin up to 1.41 on WordPress Setting cross site scriptingCVE-2022-3126 | Frontend File Manager Plugin Plugin up to 21.3 on WordPress cross-site request forgeryCVE-2022-2574 | Meks Easy Social Share Plugin up to 1.2.7 on WordPress Setting cross site scriptingCVE-2022-2563 | Tutor LMS Plugin up to 2.0.9 on WordPress Course cross site scriptingCVE-2020-35539 | WordPress 5.1 Header X-Forwarded-For access controlCVE-2022-35689 | Adobe Commerce/Magento Open Source up to 2.4.4-p1/2.4.5 access control (APSB22-48)CVE-2022-35698 | Adobe Commerce/Magento Open Source up to 2.4.4-p1/2.4.5 cross site scripting (APSB22-48)WordPress Zephyr Project Manager 3.2.42 SQL InjectionCVE-2022-41390 | OcoMon 4.0 download.php cod sql injectionCVE-2022-3505 | SourceCodester Sanitization Management System /php-sms/admin/ page cross site scriptingCVE-2022-41539 | Wedding Planner 1.0 /admin/users_add.php unrestricted uploadCVE-2022-41538 | Wedding Planner 1.0 photos_add.php unrestricted uploadCVE-2022-41536 | Open Source SACCO Management System 1.0 manage_user.php id sql injectionCVE-2022-41535 | Open Source SACCO Management System 1.0 manage_borrower.php id sql injectionNew PHP Version of Ducktail Malware Hijacking Facebook Business AccountsCVE-2022-42232 | Simple Cold Storage Management System 1.0 Master.php sql injectionCVE-2022-41477 | WeBid up to 1.2.2 admin/theme.php theme server-side request forgeryCVE-2022-3496 | SourceCodester Human Resource Management System 1.0 Admin Panel employeeadd.php access controlCVE-2022-3495 | SourceCodester Simple Online Public Access Catalog 1.0 Admin Login Actions.php username/password sql injectionJoomla KSAdvertiser 2.5.37 Cross Site ScriptingCVE-2021-36915 | Cozmoslabs Profile Builder Plugin up to 3.6.0 on WordPress JSON File cross-site request forgeryCVE-2021-36899 | Gabe Livan Page Speed Booster Plugin up to 1.3.8.4 on WordPress cross site scriptingCVE-2022-3464 | puppyCMS up to 5.1 /admin/settings.php site_name cross site scriptingCVE-2022-3473 | SourceCodester Human Resource Management System getstatecity.php ci sql injection
