Medium
CVE-2023-49969
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer.
Tag: PHP
All CVEs associated with "PHP". Page 93/312 • 37356 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37356 CVEs for this tag (all time). In the last 365 days, 6046 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-03-05
High
CVE-2023-49968
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php.
High
CVE-2023-49548
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.
Critical
CVE-2023-49547
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.
High
CVE-2023-49546
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
2024-03-04
Medium
CVE-2024-2168
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_cat…
Medium
CVE-2024-2156
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the ar…
Medium
CVE-2024-2155
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the arg…
Medium
CVE-2024-2154
A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation…
Medium
CVE-2024-2153
A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulat…
Medium
CVE-2024-2152
A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product…
2024-03-03
Medium
CVE-2024-2149
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument curr…
Medium
CVE-2024-2148
A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argume…
High
CVE-2024-2147
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The m…
Low
CVE-2024-2145
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The ma…
2024-03-02
Medium
CVE-2024-1592
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce valida…
2024-03-01
Critical
CVE-2024-27747
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
Critical
CVE-2024-27746
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
Medium
CVE-2024-27744
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
Medium
CVE-2024-27743
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php componen…
Medium
CVE-2023-49544
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/inde…
Medium
CVE-2023-49540
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scri…
Medium
CVE-2023-49539
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scr…
Medium
CVE-2024-2077
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category…
Medium
CVE-2024-2076
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/ten…
Low
CVE-2024-2075
A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-track…
Medium
CVE-2024-2073
A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation…
Low
CVE-2024-2072
A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of…
High
CVE-2024-27689
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.
Medium
CVE-2024-27559
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php
Low
CVE-2024-2070
A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The mani…
Medium
CVE-2024-2069
A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argume…
Low
CVE-2024-2068
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The…
Medium
CVE-2024-2067
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The man…
Low
CVE-2024-2066
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation…
Low
CVE-2024-2065
A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/u…
Low
CVE-2024-2063
A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The man…
Medium
CVE-2024-2062
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/edit_categories.…
Medium
CVE-2024-2061
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation…
Medium
CVE-2024-2060
A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/login_crud.php. The manipulation of th…
Medium
CVE-2024-2059
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_cru…
Medium
CVE-2024-2058
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/pr…
High
CVE-2024-1859
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrust…
Medium
CVE-2024-2022
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ip…
Medium
CVE-2024-2021
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipula…
2024-02-29
Medium
CVE-2024-2009
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler.…
Critical
CVE-2024-0864
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves a…
Medium
CVE-2024-1976
The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the a…
Medium
CVE-2023-51802
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in…
Critical
CVE-2023-51801
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the…
Critical
CVE-2024-27516
Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_…
Medium
CVE-2024-26473
A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php.
Medium
CVE-2024-26472
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a…
Medium
CVE-2024-26471
A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php.
High
CVE-2024-1971
A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the compon…
Medium
CVE-2024-1970
A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argume…
Medium
CVE-2024-1928
A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edi…
Medium
CVE-2024-1927
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The…
High
CVE-2024-0702
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/clas…
Medium
CVE-2024-0658
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and inc…
High
CVE-2023-7110
A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of…
High
CVE-2023-7109
A vulnerability classified as critical was found in code-projects Library Management System 2.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument…
Medium
CVE-2023-7108
A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname…
High
CVE-2023-7107
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of…
Medium
CVE-2023-7106
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id…
Medium
CVE-2023-7105
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument s…
2024-02-28
Critical
CVE-2024-25422
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.
Low
CVE-2024-26476
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.
Medium
CVE-2024-26450
An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross…
High
CVE-2024-25869
An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.ph…
Medium
CVE-2024-25868
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.p…
Critical
CVE-2024-25867
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters…
High
CVE-2024-25866
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.
Low
CVE-2024-25351
SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.
Critical
CVE-2024-25350
SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.
High
CVE-2024-22983
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.
Low
CVE-2024-1972
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipu…
Medium
CVE-2024-1954
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect…
2024-02-27
Critical
CVE-2024-25846
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
Medium
CVE-2024-1926
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/searc…
Medium
CVE-2024-1925
A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unres…
Medium
CVE-2024-1924
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of t…
Critical
CVE-2024-25400
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class…
Medium
CVE-2024-25399
Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.
Medium
CVE-2024-1923
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.p…
Low
CVE-2024-1922
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of…
Medium
CVE-2024-1921
A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrest…
Medium
CVE-2024-1920
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulati…
Low
CVE-2024-1919
A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Wal…
Medium
CVE-2024-1918
A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/user…
High
CVE-2023-6585
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
High
CVE-2024-22917
SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.
Critical
CVE-2023-41506
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP f…
Medium
CVE-2024-25166
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.
2024-02-26
Critical
CVE-2024-25247
SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.
Critical
CVE-2024-24401
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
Medium
CVE-2024-25410
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.
Medium
CVE-2024-25344
Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the s…
Medium
CVE-2024-1878
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipul…
Medium
CVE-2024-1877
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The m…
High
CVE-2024-1876
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argum…
Medium
CVE-2024-1875
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the comp…
Low
CVE-2024-1871
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Pro…
2024-02-23
High
CVE-2024-1833
A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipul…
High
CVE-2024-1831
A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Affected is an unknown function of the file users/index.php of the component Login…
High
CVE-2024-1830
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-passw…
High
CVE-2024-1829
A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/r…
High
CVE-2024-1828
A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The mani…
High
CVE-2024-1827
A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulat…
High
CVE-2024-1826
A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipul…
High
CVE-2024-1824
A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The ma…
Medium
CVE-2024-1823
A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The…
Low
CVE-2024-1822
A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument F…
Medium
CVE-2024-1821
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the ar…
High
CVE-2024-1820
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the…
High
CVE-2024-1817
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_lo…
Low
CVE-2024-1784
A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group…
2024-02-22
Medium
CVE-2024-1750
A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Do…
Medium
CVE-2024-25828
cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.
Medium
CVE-2024-26445
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php