Advisories archive: searching 27365 links categorized as php vuln/adviso since 2003-04-07
CVE-2022-2847 | SourceCodester Guest Management System front.php rid sql injection
CVE-2022-2842 | SourceCodester Gym Management System login.php user_email sql injection
CVE-2022-2824 | OpenEMR up to 7.0.0.0 access control
CVE-2022-2846 | Calendar Event Multi View Plugin on WordPress cross-site request forgery
CVE-2022-2844 | MotoPress Timetable and Event Schedule up to 1.4.06 on WordPress Calendar Subject/Location/Description cross site scripting
CVE-2022-2843 | MotoPress Timetable and Event Schedule on WordPress Quick Edit /wp-admin/admin-ajax.php post_title cross site scripting
CVE-2022-36530 | rageframe2 2.6.37 User-Agent info.php cross site scripting (ID 106)
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the number of files it can load to help mitigate the risk of denial of service.
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
CVE-2022-2384 | Supsystic Digital Publications Plugin up to 1.7.3 on WordPress Setting cross site scripting
CVE-2022-2379 | Easy Student Results Plugin up to 2.2.8 on WordPress REST API authorization
CVE-2022-2378 | Easy Student Results Plugin up to 2.2.8 on WordPress a cross site scripting
CVE-2022-2152 | Duplicate Page and Post Plugin up to 2.7 on WordPress Setting cross site scripting
CVE-2022-2116 | Contact Form DB Plugin up to 1.7.x on WordPress Attribute cross site scripting
CVE-2022-2354 | WP-DBManager Plugin up to 2.80.7 on WordPress code injection
CVE-2022-2535 | SearchWP Live Ajax Search Plugin up to 1.6.1 on WordPress Live Search authorization
CVE-2022-2381 | E Unlocked Student Result Plugin up to 1.0.4 on WordPress School Logo cross-site request forgery
CVE-2022-36262 | taocms 3.0.2 config.php code injection (ID 34)
CVE-2022-2814 | SourceCodester Simple and Nice Shopping Cart Script /mkshope/login.php msg cross site scripting
CVE-2022-2812 | SourceCodester Guest Management System index.php username/pass sql injection
CVE-2022-2811 | SourceCodester Guest Management System myform.php name cross site scripting
Prestashop Blockwishlist 2.1.0 SQL Injection
CVE-2022-35943 | CodeIgniter Shield up to 1.0.0-beta.1 cross-site request forgery (GHSA-5hm8-vh6r-2cjq)
CVE-2022-2797 | SourceCodester Student Information System view_student.php id sql injection
CVE-2022-2804 | SourceCodester Zoo Management System /pages/apply_vacancy.php filename unrestricted upload
CVE-2022-2803 | SourceCodester Zoo Management System /pages/animals.php class_id sql injection
CVE-2022-2802 | SourceCodester Gas Agency Management System gasmark/login.php username sql injection
Matrimonial PHP Script 1.0 SQL Injection
CVE-2022-36750 | Clinics Patient Management System 1.0 /pms/update_user.php id sql injection
CVE-2022-2774 | SourceCodester Library Management System librarian/student.php title sql injection
CVE-2022-2773 | SourceCodester Apartment Visitor Management System profile.php cross site scripting
CVE-2022-2772 | SourceCodester Apartment Visitor Management System action-visitor.php editid/remark sql injection
CVE-2022-2771 | SourceCodester Simple Online Book Store System /obs/bookPerPub.php bookisbn sql injection
CVE-2022-2770 | SourceCodester Simple Online Book Store System /obs/book.php bookisbn sql injection
CVE-2022-2767 | SourceCodester Online Admission System /index.php student_add cross site scripting
CVE-2022-2766 | SourceCodester Loan Management System /index.php password sql injection
CVE-2022-2776 | SourceCodester Gym Management System delete_user.php delete_user denial of service
CVE-2022-2779 | SourceCodester Gas Agency Management System oneWord.php shell unrestricted upload
CVE-2022-2751 | SourceCodester Company Website CMS add-portfolio.php ufile unrestricted upload
CVE-2022-2746 | SourceCodester Simple Online Book Store System Admin_ add.php unrestricted upload
CVE-2022-2745 | SourceCodester Gym Management System Add New Trainer /admin/add_trainers.php trainer_name sql injection
CVE-2022-2744 | SourceCodester Gym Management System Background Management /admin/add_exercises.php exer_img unrestricted upload
CVE-2022-2750 | SourceCodester Company Website CMS Add Service add-service.php unrestricted upload
CVE-2022-2749 | SourceCodester Gym Management System index.php unrestricted upload
CVE-2022-2748 | SourceCodester Simple Online Book Store System /admin/edit.php eid cross site scripting
CVE-2022-2747 | SourceCodester Simple Online Book Store book.php book_isbn sql injection
CVE-2022-2725 | SourceCodester Company Website CMS add-blog.php cross site scripting
CVE-2022-2724 | SourceCodester Employee Management System /process/aprocess.php mailuid sql injection
CVE-2022-2723 | SourceCodester Employee Management System /process/eprocess.php mailuid/pwd sql injection
CVE-2022-2722 | SourceCodester Simple Student Information System manage_course.php id sql injection
CVE-2022-2367 | WSM Downloader Plugin up to 1.4.0 on WordPress Parameter Validation link authorization
CVE-2022-2356 | Frontend File Manager & Sharing Plugin up to 1.1.2 on WordPress File Extension unrestricted upload
CVE-2022-2269 | Website File Changes Monitor Plugin up to 1.8.2 on WordPress sql injection
CVE-2022-2046 | Directorist Plugin up to 7.2.2 on WordPress ZIP File unrestricted upload (ID 2752034)
CVE-2022-2424 | Google Maps Anywhere Plugin up to 1.2.6.3 on WordPress cross site scripting
CVE-2022-1323 | Discy Theme up to 4.x on WordPress POST Request discy_update_options access control
CVE-2022-2357 | WSM Downloader Plugin up to 1.4.0 on WordPress wp-config.php file access
CVE-2022-2726 | SEMCMS Ant_Check.php DID sql injection
CVE-2022-2372 | YaySMTP Plugin up to 2.2.1 on WordPress Setting cross site scripting
CVE-2022-2371 | YaySMTP Plugin up to 2.2.0 on WordPress Setting cross site scripting
CVE-2022-2355 | Easy Username Updater Plugin up to 1.0.4 on WordPress cross-site request forgery
CVE-2022-2460 | WPDating Plugin up to 7.1.9 on WordPress sql injection
CVE-2022-2391 | Inspiro PRO Plugin on WordPress description cross site scripting
CVE-2022-2423 | DW Promobar Plugin up to 1.0.4 on WordPress Setting cross site scripting
CVE-2022-2412 | Better Tag Cloud Plugin up to 0.99.5 on WordPress Setting cross site scripting
CVE-2022-2411 | Auto More Tag Plugin up to 4.0.0 on WordPress Setting cross site scripting
CVE-2022-2410 | mTouch Quiz Plugin up to 3.1.3 on WordPress Setting cross site scripting
CVE-2022-2409 | Rough Chart Plugin up to 1.0.0 on WordPress Data Label cross site scripting
CVE-2022-2398 | Comments Fields Plugin up to 4.0 on WordPress Field Error Message cross site scripting
CVE-2022-2728 | SourceCodester Gym Management System /mygym/admin/index.php edit_tran sql injection
CVE-2022-2727 | SourceCodester Gym Management System /mygym/admin/login.php admin_email/admin_pass sql injection
CVE-2022-2395 | weForms Plugin up to 1.6.13 on WordPress Setting cross site scripting
CVE-2022-2386 | Crowdsignal Dashboard Plugin up to 3.0.7 on WordPress cross site scripting
CVE-2022-2736 | SourceCodester Company Website CMS Background Upload Logo Icon updatelogo.php xfile/ufile unrestricted upload
CVE-2022-2733 | OpenEMR up to 7.0.0.0 cross site scripting
CVE-2022-2731 | OpenEMR up to 7.0.0.0 cross site scripting
CVE-2022-2729 | OpenEMR up to 7.0.0.0 cross site scripting
CVE-2022-2734 | OpenEMR up to 7.0.0.0 improper restriction of rendered ui layers
CVE-2022-2732 | OpenEMR up to 7.0.0.0 privileges management
CVE-2022-2730 | OpenEMR up to 7.0.0.0 authorization
CVE-2022-2740 | SourceCodester Company Website CMS Add Blog /dashboard/add-blog.php ufile unrestricted upload
CVE-2022-2715 | SourceCodester Employee Management System eloginwel.php id sql injection
CuteEditor For PHP 6.6 Directory Traversal
CVE-2022-2708 | SourceCodester Gym Management System login.php user_login sql injection
The Discy WordPress theme before 5.0 lacks authorization checks when processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber) to change Theme options by sending a crafted POST
CVE-2022-2698 | SourceCodester Simple E-Learning System search.php searchPost sql injection
CVE-2022-2697 | SourceCodester Simple E-Learning System comment_frame.php post_id sql injection
CVE-2022-2702 | SourceCodester Company Website CMS Cookie site-settings.php access control
CVE-2022-2707 | SourceCodester Online Class and Exam Scheduling System 1.0 /pages/faculty_sched.php faculty sql injection
CVE-2022-2706 | SourceCodester Online Class and Exam Scheduling System 1.0 /pages/class_sched.php class sql injection
CVE-2022-2705 | SourceCodester Simple Student Information System manage_department.php id sql injection
CVE-2022-2704 | SourceCodester Simple E-Learning System downloadFiles.php download information disclosure
WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting
Active PHP Bookmarks v1.3 - Sql Injection Vulnerability
CVE-2022-31132 | Nextcloud Mail up to 1.12.6/1.13.5 CSS Minifier css_optimiser.php server-side request forgery (GHSA-24pm-rjfv-23mh)
CVE-2022-2674 | SourceCodester Best Fee Management System admin_class.php login username sql injection