Medium
CVE-2024-22208
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ applicat…
Tag: PHP
All CVEs associated with "PHP". Page 95/312 • 37362 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37362 CVEs for this tag (all time). In the last 365 days, 6049 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-02-05
Critical
CVE-2023-51951
SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.
Medium
CVE-2024-22202
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make…
High
CVE-2024-24469
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
High
CVE-2024-24468
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.
High
CVE-2024-1225
A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The mani…
2024-02-04
Medium
CVE-2019-25159
A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the…
Low
CVE-2015-10129
A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the…
2024-02-03
Low
CVE-2024-1215
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipu…
Medium
CVE-2024-1199
A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-p…
Medium
CVE-2024-1198
A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The…
2024-02-02
High
CVE-2024-1197
A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the…
Medium
CVE-2024-1196
A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST…
High
CVE-2024-24470
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.
Critical
CVE-2024-22108
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.…
High
CVE-2024-22107
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to com…
Medium
CVE-2024-0844
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible f…
High
CVE-2024-23895
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-24524
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.
2024-02-01
Medium
CVE-2024-24945
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected…
Medium
CVE-2024-24041
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected…
Low
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.…
Medium
CVE-2024-24753
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two hea…
Medium
CVE-2024-24752
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.…
2024-01-31
High
CVE-2024-24573
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to t…
Medium
CVE-2024-24572
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.…
High
CVE-2024-1117
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manip…
High
CVE-2024-1116
A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to u…
High
CVE-2024-1115
A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the a…
Medium
CVE-2024-1114
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation…
Medium
CVE-2024-1113
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the…
Medium
CVE-2024-1111
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The man…
Low
CVE-2024-1103
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the compone…
Medium
CVE-2024-22569
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.
2024-01-30
High
CVE-2024-1036
A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handl…
High
CVE-2024-1035
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulatio…
High
CVE-2024-1034
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to…
Medium
CVE-2024-1033
A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The ma…
High
CVE-2024-1032
A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of t…
Low
CVE-2024-1031
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the comp…
Low
CVE-2024-1030
A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument i…
Low
CVE-2024-1029
A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of…
High
CVE-2024-22938
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.
Low
CVE-2024-1026
A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id w…
Medium
CVE-2023-51813
Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php…
2024-01-29
Low
CVE-2024-1022
A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Ad…
Medium
CVE-2024-22570
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Low
CVE-2024-1018
A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name…
Medium
CVE-2024-1011
A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handl…
Low
CVE-2024-1010
A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument…
High
CVE-2024-1009
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manip…
Medium
CVE-2024-1008
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of…
Medium
CVE-2024-1007
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the a…
High
CVE-2024-1006
A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the comp…
Medium
CVE-2024-0989
A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/co…
Medium
CVE-2024-0988
A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. T…
Medium
CVE-2024-0986
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The m…
2024-01-27
Low
CVE-2024-0958
A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handl…
2024-01-26
High
CVE-2024-0946
A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation…
High
CVE-2024-0945
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of th…
Medium
CVE-2024-0939
A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipu…
Medium
CVE-2024-0938
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the ar…
Medium
CVE-2024-0933
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricte…
High
CVE-2024-23896
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23894
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23893
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23892
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23891
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23890
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23889
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23888
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23887
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23886
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23885
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23884
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23883
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23882
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23881
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23880
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23879
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23878
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23877
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23876
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23875
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23874
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23873
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23872
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23871
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23870
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23869
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23868
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23867
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23866
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23865
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23864
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23863
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23862
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23861
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23860
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23859
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23858
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23857
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
High
CVE-2024-23856
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
2024-01-25
High
CVE-2024-21620
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct…
Critical
CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php
High
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
Critical
CVE-2024-22638
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.
Medium
CVE-2024-22637
Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2.
Medium
CVE-2024-22635
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
Medium
CVE-2024-0884
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation…
Medium
CVE-2024-0883
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php.…
High
CVE-2024-23855
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerabilit…
Medium
CVE-2023-6282
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker…
2024-01-23
Medium
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM da…
Critical
CVE-2024-22076
MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface.
2024-01-22
Medium
CVE-2024-0783
A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unr…
Low
CVE-2024-0782
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation…
Low
CVE-2024-0781
A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the arg…
High
CVE-2024-0778
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file…
High
CVE-2024-22895
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.