#php

WordPress Bricks Builder Theme version 1.9.6 suffers from a PHP code injection vulnerability.

WordPress Hash Form plugin version 1.1.0 suffers from a PHP code injection vulnerability.

WordPress GiveWP Donation Fundraising Platform version 3.14.1 suffers from a PHP code injection vulnerability.

ViciDial version 2.0.5 suffers from a cross site request forgery vulnerability.

Vehicle Service Management System version 1.0 suffers from a cross site request forgery vulnerability.

Transport Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Online Eyewear Shop version 1.0 suffers from an ignored default credential vulnerability.

AVideo version 12.4 suffers from a PHP code injection vulnerability.

SeedDMS version 6.0.28 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions.