
Tag

#php

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution

The GiveWP Donation plugin and Fundraising Platform plugin for WordPress, in all versions up to and including 3.14.1, is vulnerable to a PHP object injection (POI) flaw that grants an unauthenticated attacker arbitrary code execution.

Packet Storm
vTiger CRM 7.4.0 Cross Site Scripting

vTiger CRM version 7.4.0 suffers from multiple reflected cross-site scripting vulnerabilities.

Online Bus Ticketing 1.0 Insecure Direct Object Reference

Online Bus Ticketing version 1.0 suffers from an insecure direct object reference vulnerability.

GHSA-mg8j-w93w-xjgc: Drupal Full Path Disclosure

`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.

GHSA-3wrg-6mg5-jg2v: FeehiCMS BannerForm[img] unrestricted upload

A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

GHSA-xxqw-83c7-r24r: FeehiCMS file upload vulnerability

A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.