PHP
Monthly
SQL injection in the News Portal Project 1.0 /admin/contactus.php endpoint allows unauthenticated remote attackers to manipulate the pagetitle parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data theft, modification, or denial of service against affected installations.
SQL injection in itsourcecode Document Management System 1.0 via the Username parameter in /register.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face potential data theft, modification, and denial of service through successful exploitation.
SQL injection in itsourcecode College Management System 1.0 via the teacher_id parameter in /admin/teacher-salary.php enables unauthenticated remote attackers to execute arbitrary database queries and manipulate sensitive payroll data. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects confidentiality, integrity, and availability of the system.
SQL injection in itsourcecode College Management System 1.0's login functionality allows remote attackers to manipulate the email parameter and execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, enabling immediate attack capability against unpatched systems. The flaw permits data disclosure, modification, and potential service disruption with a CVSS score of 7.3.
SQL injection in itsourcecode College Management System 1.0's teacher management interface allows authenticated attackers to manipulate the teacher_id parameter in /admin/display-teacher.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling remote exploitation by users with administrative access. The vulnerability remains unpatched and carries medium severity with potential for data confidentiality, integrity, and availability compromise.
College Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).
Simple And Nice Shopping Cart Script versions up to 1.0 contains a security vulnerability (CVSS 7.3).
SQL injection in the SPIP interface_traduction_objets plugin before version 2.2.2 allows authenticated editors to execute arbitrary database queries through unsanitized input in translation request parameters. Attackers can exploit this to read, modify, or delete database contents, or cause denial of service. A patch is available and should be applied immediately to affected installations.
Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within `SubmitChat.php` and other game interaction handlers. [CVSS 2.6 LOW]
OpenEMR versions prior to 8.0.0 contain a broken access control flaw in the order types management system that allows low-privilege users (such as receptionists) to create and modify procedure types without proper authorization. Public exploit code exists for this vulnerability, which has a CVSS score of 8.8 and could enable unauthorized users to manipulate critical medical procedure data. The vulnerability has been patched in version 8.0.0 and later.
OpenEMR prior to version 8.0.0 allows low-privileged users to export sensitive patient and medical data through the message_list.php report functionality due to missing access controls. The vulnerability affects receptionists and similar roles who can bypass authorization checks to extract entire message databases containing confidential information. Public exploit code exists for this issue, though a patch is available in version 8.0.0 and later.
OpenEMR versions before 8.0.0 contain an improper access control flaw in the edih_main.php endpoint that allows any authenticated user, including low-privilege accounts like Receptionists, to retrieve sensitive EDI log files by manipulating the log_select parameter. The vulnerability bypasses role-based access controls that should restrict access through the GUI, enabling unauthorized disclosure of system logs. Public exploit code exists for this issue, which is fixed in version 8.0.0.
Path traversal in OpenEMR electronic health records before fix allows authenticated users to read arbitrary files on the server, potentially exposing patient health data. PoC and patch available.
SQL injection in itsourcecode News Portal Project 1.0 via the Category parameter in /admin/add-category.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected installations vulnerable to data exfiltration, modification, or deletion. The attack requires no user interaction and can be executed over the network with a CVSS score of 7.3.
SQL injection in itsourcecode News Portal Project 1.0's category editing functionality allows unauthenticated remote attackers to manipulate the Category parameter and execute arbitrary SQL queries. Public exploit code is available for this vulnerability, increasing the likelihood of active exploitation. Currently, no patch is available to remediate this issue.
SQL injection in itsourcecode Document Management System 1.0 login functionality allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling attackers to potentially read, modify, or delete sensitive data within the application.
Stored XSS in GetSimpleCMS Community Edition 3.3.16 allows authenticated administrators to inject malicious JavaScript through the component slug field, which persists in XML storage and executes when other users access the Components page. An attacker with admin privileges can exploit this to hijack sessions, perform unauthorized administrative actions, and persistently compromise the CMS interface for all authenticated users. The vulnerability affects PHP-based GetSimpleCMS installations and currently has no available patch.
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. [CVSS 5.3 MEDIUM]
FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.
Server-side request forgery in AVideo prior to version 22.0 allows authenticated users to make arbitrary outbound requests from the affected server via an unvalidated downloadURL parameter in the aVideoEncoder.json.php endpoint. An attacker can exploit this to probe internal network services, access metadata endpoints, and retrieve sensitive data, potentially leading to further system compromise. This affects PHP deployments running vulnerable AVideo versions.
PHP function injection in Slican NCP/IPL/IPM/IPU VOIP devices allows unauthenticated remote attackers to execute arbitrary PHP functions. Network telecommunications equipment vulnerability.
A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. [CVSS 3.8 LOW]
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved. [CVSS 8.8 HIGH]
Reflected XSS in SourceCodester Modern Image Gallery App 1.0 allows unauthenticated remote attackers to inject malicious scripts through the filename parameter in upload.php. Public exploit code exists for this vulnerability, though it requires user interaction to succeed. No patch is currently available.
SQL injection in itsourcecode Document Management System 1.0 via the field1 parameter in /edtlbls.php enables unauthenticated remote attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with minimal complexity.
Document Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in PearProjectApi up to version 2.8.10 allows authenticated attackers to execute arbitrary SQL queries through the projectCode parameter in the dateTotalForProject function. Public exploit code exists for this vulnerability, enabling remote attacks with potential to read, modify, or delete database contents. The vendor has not released a patch despite early notification.
E-Logbook With Health Monitoring System For Covid-19 versions up to 1.0 contains a security vulnerability (CVSS 7.3).
Reflected cross-site scripting in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /admin/navbar.php. Public exploit code exists for this vulnerability, enabling attackers to steal session tokens or perform actions on behalf of administrators. No patch is currently available.
SQL injection in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/index.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive data with confidentiality, integrity, and availability impact.
Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions.
Society Management System Portal versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).
Student Result Management System versions up to 1.0 is affected by improper resource shutdown or release (CVSS 6.5).
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/<XSS>'.
SourceCodester Student Result Management System 1.0 contains improper access controls in the bulk user import functionality that allows unauthenticated remote attackers to manipulate file parameters and gain unauthorized access. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires no user interaction and can be exploited over the network with basic complexity.
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.
Remote code execution in Vaelsys 4.1.0 allows unauthenticated attackers to execute arbitrary OS commands via malicious xajaxargs parameters sent to the /tree/tree_server.php endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. This network-accessible flaw poses immediate risk to exposed Vaelsys installations.
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 7.5 HIGH]
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. [CVSS 7.5 HIGH]
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. [CVSS 8.2 HIGH]
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. [CVSS 8.2 HIGH]
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. [CVSS 8.2 HIGH]
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. [CVSS 8.2 HIGH]
Remote code execution in Tosei Online Store Management System 1.01 allows unauthenticated attackers to execute arbitrary OS commands through the DevId parameter in /cgi-bin/monitor.php. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires no user interaction and is exploitable over the network.
Cross-site scripting in SapneshNaik Student Management System allows remote attackers to inject malicious scripts through the Error parameter in index.php, with public exploit code available. The vulnerability requires user interaction to trigger and has a low CVSS score of 4.3, but no patch is currently available from the unresponsive vendor.
Improper access control in SourceCodester Student Result Management System 1.0 allows unauthenticated remote attackers to manipulate the SMTP configuration through the update_smtp.php endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running vulnerable PHP-based installations face potential compromise of email settings and system integrity.
A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. [CVSS 2.4 LOW]
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. [CVSS 2.4 LOW]
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. [CVSS 2.4 LOW]
SQL injection in Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the student results view functionality, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
Funadmin up to version 7.1.0-rc4 contains an unsafe deserialization vulnerability in the AuthCloudService.php getMember function that allows authenticated remote attackers to manipulate the cloud_account parameter and execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Funadmin versions up to 7.1.0 contains a vulnerability that allows attackers to improper authorization (CVSS 7.3).
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about...
Vehicle Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. [CVSS 6.5 MEDIUM]
SQL injection in the Agri Trading Online Shopping System 1.0 admin panel allows unauthenticated remote attackers to manipulate product parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the HTTP POST request handler in admin/productcontroller.php and enables data exfiltration, modification, and potential denial of service.
SQL injection in ZoneMinder's status.php getNearEvents() function allows authenticated users with event management permissions to execute arbitrary database queries through improperly sanitized Event Name and Cause fields in versions 1.36.37 and below or 1.37.61 through 1.38.0. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could extract sensitive data, modify database contents, or potentially achieve code execution depending on database permissions and configuration.
Zumba Json Serializer versions 3.2.2 and below allow unrestricted PHP object instantiation during JSON deserialization, enabling attackers to trigger arbitrary class constructors and magic methods via malicious @type fields. When processing untrusted JSON input, this vulnerability can lead to PHP Object Injection and remote code execution if vulnerable gadget chains are present in the application or its dependencies. The vulnerability affects applications using affected PHP serialization libraries and currently lacks a patched version.
Remote code execution in Deciso OPNsense's backup functionality allows authenticated network-adjacent attackers to execute arbitrary commands with root privileges through insufficient input validation in the diag_backup.php file. An attacker with valid credentials can inject malicious commands into backup filename parameters to achieve code execution on the affected system. No patch is currently available for this vulnerability.
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. [CVSS 6.1 MEDIUM]
phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. [CVSS 6.1 MEDIUM]
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. [CVSS 8.8 HIGH]
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. [CVSS 7.5 HIGH]
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. [CVSS 8.8 HIGH]
Unsafe PHP deserialization in openITCOCKPIT Community Edition 5.3.1 and earlier allows authenticated attackers to inject malicious serialized objects through changelog entries, with public exploit code available. While no current attack path has been identified, an unrestricted unserialize() call creates a latent remote code execution vulnerability that could be exploited if future code changes introduce exploitable object types into the deserialization path. Authenticated access is required, but the HIGH severity rating reflects the potential for complete system compromise if this latent flaw is activated.
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. [CVSS 6.1 MEDIUM]
Remote code execution in openITCOCKPIT 5.3.1 and earlier via unsafe deserialization in the Gearman worker component, which calls unserialize() on untrusted job payloads without validation or class restrictions. Attackers can exploit this by submitting crafted serialized objects to trigger PHP Object Injection when Gearman is exposed to untrusted networks. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in SourceCodester Simple Responsive Tourism Website 1.0 allows unauthenticated remote attackers to manipulate the Username parameter during registration, potentially enabling data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
SVXportal 2.5 and earlier allows authenticated users to inject malicious scripts into user profile fields (firstname, lastname, email, image_url) that execute in administrators' browsers when viewing user management pages. An attacker with a valid account can exploit this stored XSS vulnerability to perform administrative actions or steal session credentials by targeting users with higher privileges. No patch is currently available for this vulnerability.
SVXportal version 2.5 and earlier allow unauthenticated attackers to perform stored cross-site scripting attacks through the user registration form, where unencoded user inputs are persisted and executed in administrator browsers. An attacker can inject malicious JavaScript via registration fields like firstname, lastname, or email that will trigger when administrators access the users management interface. No patch is currently available for this vulnerability.
SVXportal 2.5 and earlier allows authenticated attackers to inject arbitrary scripts through an unsanitized stationid parameter in radiomobile_front.php, which executes in an administrator's browser context when they visit a crafted URL. This reflected XSS vulnerability enables attackers to hijack admin sessions or execute unauthorized actions with administrative privileges. No patch is currently available.
Reflected XSS in SVXportal 2.5 and earlier allows attackers to inject malicious JavaScript through the search parameter in admin/log.php, which executes in administrators' browsers when they visit a crafted URL. An authenticated attacker could exploit this to steal admin sessions, forge administrative actions, or perform other browser-based attacks with elevated privileges. No patch is currently available.
Reflected XSS in SVXportal 2.5 and earlier allows unauthenticated attackers to inject malicious JavaScript through an unsanitized search parameter in log.php, enabling session hijacking or unauthorized actions when victims click a crafted link. The vulnerability requires user interaction but has no authentication requirement and affects all users of the vulnerable versions.
Host Header Poisoning in Monica 4.1.2 CRM. PoC available.
Open Source Point Of Sale versions up to 3.4.1 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Auth bypass in Smanga 3.2.7 allows unauthenticated password reset for any user including admin.
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. [CVSS 3.5 LOW]
Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends is affected by php remote file inclusion (CVSS 8.1).
Local file inclusion in AncoraThemes Unlimhost through version 1.2.3 allows unauthenticated attackers to read arbitrary files from the server via improper handling of include/require statements. The vulnerability carries high confidentiality and integrity impact, enabling attackers to potentially access sensitive configuration files or execute code through log poisoning techniques. No patch is currently available for this issue.
AncoraThemes Netmix versions 1.0.10 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated remote attackers to read sensitive files from the affected system. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse directories and access arbitrary files on the server. No patch is currently available for this high-severity issue (CVSS 8.1).
Blabber through version 1.7.0 contains a local file inclusion vulnerability in its PHP code that allows unauthenticated attackers to read arbitrary files from the server. An attacker can exploit improper filename validation in include/require statements to access sensitive system files without authentication. No patch is currently available for this high-severity vulnerability affecting PHP environments.
Local file inclusion in AncoraThemes Saveo through version 1.1.2 enables unauthenticated attackers to read arbitrary files on affected servers through improper input validation on file inclusion functions. The vulnerability carries high severity with complete confidentiality and integrity impacts, though no patch is currently available.
AncoraThemes Parkivia through version 1.1.9 contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability exploits improper filename control mechanisms to access sensitive system files without authentication. No patch is currently available, and exploitation requires moderate attack complexity but results in high confidentiality, integrity, and availability impact.
AncoraThemes Impacto Patronus through version 1.2.3 contains a local file inclusion vulnerability in its PHP include/require handling that allows attackers to read arbitrary files on the server. An unauthenticated remote attacker can exploit this vulnerability to access sensitive configuration files, credentials, and other protected data without authentication. No patch is currently available for this vulnerability.
AncoraThemes Zio Alberto through version 1.2.2 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this issue.
PHP Local File Inclusion in AncoraThemes Fooddy through version 1.3.10 enables attackers to read arbitrary files on the server through improper input validation in file inclusion mechanisms. An unauthenticated remote attacker can exploit this vulnerability over the network to access sensitive files and potentially execute arbitrary code, achieving high impact on confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
AncoraThemes Isida through version 1.4.2 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The flaw stems from improper validation of include/require statements, enabling attackers to access sensitive files and potentially execute arbitrary code. No patch is currently available, and exploitation requires moderate complexity conditions.
AncoraThemes Gustavo plugin version 1.2.2 and earlier contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. With no available patch, affected sites running vulnerable versions face significant risk of information disclosure.
SQL injection in the News Portal Project 1.0 /admin/contactus.php endpoint allows unauthenticated remote attackers to manipulate the pagetitle parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data theft, modification, or denial of service against affected installations.
SQL injection in itsourcecode Document Management System 1.0 via the Username parameter in /register.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face potential data theft, modification, and denial of service through successful exploitation.
SQL injection in itsourcecode College Management System 1.0 via the teacher_id parameter in /admin/teacher-salary.php enables unauthenticated remote attackers to execute arbitrary database queries and manipulate sensitive payroll data. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects confidentiality, integrity, and availability of the system.
SQL injection in itsourcecode College Management System 1.0's login functionality allows remote attackers to manipulate the email parameter and execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, enabling immediate attack capability against unpatched systems. The flaw permits data disclosure, modification, and potential service disruption with a CVSS score of 7.3.
SQL injection in itsourcecode College Management System 1.0's teacher management interface allows authenticated attackers to manipulate the teacher_id parameter in /admin/display-teacher.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling remote exploitation by users with administrative access. The vulnerability remains unpatched and carries medium severity with potential for data confidentiality, integrity, and availability compromise.
College Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).
Simple And Nice Shopping Cart Script versions up to 1.0 contains a security vulnerability (CVSS 7.3).
SQL injection in the SPIP interface_traduction_objets plugin before version 2.2.2 allows authenticated editors to execute arbitrary database queries through unsanitized input in translation request parameters. Attackers can exploit this to read, modify, or delete database contents, or cause denial of service. A patch is available and should be applied immediately to affected installations.
Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within `SubmitChat.php` and other game interaction handlers. [CVSS 2.6 LOW]
OpenEMR versions prior to 8.0.0 contain a broken access control flaw in the order types management system that allows low-privilege users (such as receptionists) to create and modify procedure types without proper authorization. Public exploit code exists for this vulnerability, which has a CVSS score of 8.8 and could enable unauthorized users to manipulate critical medical procedure data. The vulnerability has been patched in version 8.0.0 and later.
OpenEMR prior to version 8.0.0 allows low-privileged users to export sensitive patient and medical data through the message_list.php report functionality due to missing access controls. The vulnerability affects receptionists and similar roles who can bypass authorization checks to extract entire message databases containing confidential information. Public exploit code exists for this issue, though a patch is available in version 8.0.0 and later.
OpenEMR versions before 8.0.0 contain an improper access control flaw in the edih_main.php endpoint that allows any authenticated user, including low-privilege accounts like Receptionists, to retrieve sensitive EDI log files by manipulating the log_select parameter. The vulnerability bypasses role-based access controls that should restrict access through the GUI, enabling unauthorized disclosure of system logs. Public exploit code exists for this issue, which is fixed in version 8.0.0.
Path traversal in OpenEMR electronic health records before fix allows authenticated users to read arbitrary files on the server, potentially exposing patient health data. PoC and patch available.
SQL injection in itsourcecode News Portal Project 1.0 via the Category parameter in /admin/add-category.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected installations vulnerable to data exfiltration, modification, or deletion. The attack requires no user interaction and can be executed over the network with a CVSS score of 7.3.
SQL injection in itsourcecode News Portal Project 1.0's category editing functionality allows unauthenticated remote attackers to manipulate the Category parameter and execute arbitrary SQL queries. Public exploit code is available for this vulnerability, increasing the likelihood of active exploitation. Currently, no patch is available to remediate this issue.
SQL injection in itsourcecode Document Management System 1.0 login functionality allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling attackers to potentially read, modify, or delete sensitive data within the application.
Stored XSS in GetSimpleCMS Community Edition 3.3.16 allows authenticated administrators to inject malicious JavaScript through the component slug field, which persists in XML storage and executes when other users access the Components page. An attacker with admin privileges can exploit this to hijack sessions, perform unauthorized administrative actions, and persistently compromise the CMS interface for all authenticated users. The vulnerability affects PHP-based GetSimpleCMS installations and currently has no available patch.
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. [CVSS 5.3 MEDIUM]
FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.
Server-side request forgery in AVideo prior to version 22.0 allows authenticated users to make arbitrary outbound requests from the affected server via an unvalidated downloadURL parameter in the aVideoEncoder.json.php endpoint. An attacker can exploit this to probe internal network services, access metadata endpoints, and retrieve sensitive data, potentially leading to further system compromise. This affects PHP deployments running vulnerable AVideo versions.
PHP function injection in Slican NCP/IPL/IPM/IPU VOIP devices allows unauthenticated remote attackers to execute arbitrary PHP functions. Network telecommunications equipment vulnerability.
A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. [CVSS 3.8 LOW]
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved. [CVSS 8.8 HIGH]
Reflected XSS in SourceCodester Modern Image Gallery App 1.0 allows unauthenticated remote attackers to inject malicious scripts through the filename parameter in upload.php. Public exploit code exists for this vulnerability, though it requires user interaction to succeed. No patch is currently available.
SQL injection in itsourcecode Document Management System 1.0 via the field1 parameter in /edtlbls.php enables unauthenticated remote attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with minimal complexity.
Document Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in PearProjectApi up to version 2.8.10 allows authenticated attackers to execute arbitrary SQL queries through the projectCode parameter in the dateTotalForProject function. Public exploit code exists for this vulnerability, enabling remote attacks with potential to read, modify, or delete database contents. The vendor has not released a patch despite early notification.
E-Logbook With Health Monitoring System For Covid-19 versions up to 1.0 contains a security vulnerability (CVSS 7.3).
Reflected cross-site scripting in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /admin/navbar.php. Public exploit code exists for this vulnerability, enabling attackers to steal session tokens or perform actions on behalf of administrators. No patch is currently available.
SQL injection in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/index.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive data with confidentiality, integrity, and availability impact.
Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions.
Society Management System Portal versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).
Student Result Management System versions up to 1.0 is affected by improper resource shutdown or release (CVSS 6.5).
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/<XSS>'.
SourceCodester Student Result Management System 1.0 contains improper access controls in the bulk user import functionality that allows unauthenticated remote attackers to manipulate file parameters and gain unauthorized access. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires no user interaction and can be exploited over the network with basic complexity.
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.
Remote code execution in Vaelsys 4.1.0 allows unauthenticated attackers to execute arbitrary OS commands via malicious xajaxargs parameters sent to the /tree/tree_server.php endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. This network-accessible flaw poses immediate risk to exposed Vaelsys installations.
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 7.5 HIGH]
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. [CVSS 7.5 HIGH]
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. [CVSS 8.2 HIGH]
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. [CVSS 8.2 HIGH]
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. [CVSS 8.2 HIGH]
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. [CVSS 8.2 HIGH]
Remote code execution in Tosei Online Store Management System 1.01 allows unauthenticated attackers to execute arbitrary OS commands through the DevId parameter in /cgi-bin/monitor.php. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires no user interaction and is exploitable over the network.
Cross-site scripting in SapneshNaik Student Management System allows remote attackers to inject malicious scripts through the Error parameter in index.php, with public exploit code available. The vulnerability requires user interaction to trigger and has a low CVSS score of 4.3, but no patch is currently available from the unresponsive vendor.
Improper access control in SourceCodester Student Result Management System 1.0 allows unauthenticated remote attackers to manipulate the SMTP configuration through the update_smtp.php endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running vulnerable PHP-based installations face potential compromise of email settings and system integrity.
A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. [CVSS 2.4 LOW]
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. [CVSS 2.4 LOW]
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. [CVSS 2.4 LOW]
SQL injection in Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the student results view functionality, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
Funadmin up to version 7.1.0-rc4 contains an unsafe deserialization vulnerability in the AuthCloudService.php getMember function that allows authenticated remote attackers to manipulate the cloud_account parameter and execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Funadmin versions up to 7.1.0 contains a vulnerability that allows attackers to improper authorization (CVSS 7.3).
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about...
Vehicle Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. [CVSS 6.5 MEDIUM]
SQL injection in the Agri Trading Online Shopping System 1.0 admin panel allows unauthenticated remote attackers to manipulate product parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the HTTP POST request handler in admin/productcontroller.php and enables data exfiltration, modification, and potential denial of service.
SQL injection in ZoneMinder's status.php getNearEvents() function allows authenticated users with event management permissions to execute arbitrary database queries through improperly sanitized Event Name and Cause fields in versions 1.36.37 and below or 1.37.61 through 1.38.0. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could extract sensitive data, modify database contents, or potentially achieve code execution depending on database permissions and configuration.
Zumba Json Serializer versions 3.2.2 and below allow unrestricted PHP object instantiation during JSON deserialization, enabling attackers to trigger arbitrary class constructors and magic methods via malicious @type fields. When processing untrusted JSON input, this vulnerability can lead to PHP Object Injection and remote code execution if vulnerable gadget chains are present in the application or its dependencies. The vulnerability affects applications using affected PHP serialization libraries and currently lacks a patched version.
Remote code execution in Deciso OPNsense's backup functionality allows authenticated network-adjacent attackers to execute arbitrary commands with root privileges through insufficient input validation in the diag_backup.php file. An attacker with valid credentials can inject malicious commands into backup filename parameters to achieve code execution on the affected system. No patch is currently available for this vulnerability.
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. [CVSS 6.1 MEDIUM]
phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. [CVSS 6.1 MEDIUM]
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. [CVSS 8.8 HIGH]
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. [CVSS 7.5 HIGH]
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. [CVSS 8.8 HIGH]
Unsafe PHP deserialization in openITCOCKPIT Community Edition 5.3.1 and earlier allows authenticated attackers to inject malicious serialized objects through changelog entries, with public exploit code available. While no current attack path has been identified, an unrestricted unserialize() call creates a latent remote code execution vulnerability that could be exploited if future code changes introduce exploitable object types into the deserialization path. Authenticated access is required, but the HIGH severity rating reflects the potential for complete system compromise if this latent flaw is activated.
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. [CVSS 6.1 MEDIUM]
Remote code execution in openITCOCKPIT 5.3.1 and earlier via unsafe deserialization in the Gearman worker component, which calls unserialize() on untrusted job payloads without validation or class restrictions. Attackers can exploit this by submitting crafted serialized objects to trigger PHP Object Injection when Gearman is exposed to untrusted networks. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in SourceCodester Simple Responsive Tourism Website 1.0 allows unauthenticated remote attackers to manipulate the Username parameter during registration, potentially enabling data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
SVXportal 2.5 and earlier allows authenticated users to inject malicious scripts into user profile fields (firstname, lastname, email, image_url) that execute in administrators' browsers when viewing user management pages. An attacker with a valid account can exploit this stored XSS vulnerability to perform administrative actions or steal session credentials by targeting users with higher privileges. No patch is currently available for this vulnerability.
SVXportal version 2.5 and earlier allow unauthenticated attackers to perform stored cross-site scripting attacks through the user registration form, where unencoded user inputs are persisted and executed in administrator browsers. An attacker can inject malicious JavaScript via registration fields like firstname, lastname, or email that will trigger when administrators access the users management interface. No patch is currently available for this vulnerability.
SVXportal 2.5 and earlier allows authenticated attackers to inject arbitrary scripts through an unsanitized stationid parameter in radiomobile_front.php, which executes in an administrator's browser context when they visit a crafted URL. This reflected XSS vulnerability enables attackers to hijack admin sessions or execute unauthorized actions with administrative privileges. No patch is currently available.
Reflected XSS in SVXportal 2.5 and earlier allows attackers to inject malicious JavaScript through the search parameter in admin/log.php, which executes in administrators' browsers when they visit a crafted URL. An authenticated attacker could exploit this to steal admin sessions, forge administrative actions, or perform other browser-based attacks with elevated privileges. No patch is currently available.
Reflected XSS in SVXportal 2.5 and earlier allows unauthenticated attackers to inject malicious JavaScript through an unsanitized search parameter in log.php, enabling session hijacking or unauthorized actions when victims click a crafted link. The vulnerability requires user interaction but has no authentication requirement and affects all users of the vulnerable versions.
Host Header Poisoning in Monica 4.1.2 CRM. PoC available.
Open Source Point Of Sale versions up to 3.4.1 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Auth bypass in Smanga 3.2.7 allows unauthenticated password reset for any user including admin.
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. [CVSS 3.5 LOW]
Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends is affected by php remote file inclusion (CVSS 8.1).
Local file inclusion in AncoraThemes Unlimhost through version 1.2.3 allows unauthenticated attackers to read arbitrary files from the server via improper handling of include/require statements. The vulnerability carries high confidentiality and integrity impact, enabling attackers to potentially access sensitive configuration files or execute code through log poisoning techniques. No patch is currently available for this issue.
AncoraThemes Netmix versions 1.0.10 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated remote attackers to read sensitive files from the affected system. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse directories and access arbitrary files on the server. No patch is currently available for this high-severity issue (CVSS 8.1).
Blabber through version 1.7.0 contains a local file inclusion vulnerability in its PHP code that allows unauthenticated attackers to read arbitrary files from the server. An attacker can exploit improper filename validation in include/require statements to access sensitive system files without authentication. No patch is currently available for this high-severity vulnerability affecting PHP environments.
Local file inclusion in AncoraThemes Saveo through version 1.1.2 enables unauthenticated attackers to read arbitrary files on affected servers through improper input validation on file inclusion functions. The vulnerability carries high severity with complete confidentiality and integrity impacts, though no patch is currently available.
AncoraThemes Parkivia through version 1.1.9 contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability exploits improper filename control mechanisms to access sensitive system files without authentication. No patch is currently available, and exploitation requires moderate attack complexity but results in high confidentiality, integrity, and availability impact.
AncoraThemes Impacto Patronus through version 1.2.3 contains a local file inclusion vulnerability in its PHP include/require handling that allows attackers to read arbitrary files on the server. An unauthenticated remote attacker can exploit this vulnerability to access sensitive configuration files, credentials, and other protected data without authentication. No patch is currently available for this vulnerability.
AncoraThemes Zio Alberto through version 1.2.2 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this issue.
PHP Local File Inclusion in AncoraThemes Fooddy through version 1.3.10 enables attackers to read arbitrary files on the server through improper input validation in file inclusion mechanisms. An unauthenticated remote attacker can exploit this vulnerability over the network to access sensitive files and potentially execute arbitrary code, achieving high impact on confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
AncoraThemes Isida through version 1.4.2 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The flaw stems from improper validation of include/require statements, enabling attackers to access sensitive files and potentially execute arbitrary code. No patch is currently available, and exploitation requires moderate complexity conditions.
AncoraThemes Gustavo plugin version 1.2.2 and earlier contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. With no available patch, affected sites running vulnerable versions face significant risk of information disclosure.