CVE-2021-30134
https://notcve.org/view.php?id=CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. php-mod/curl (un contenedor de la extensión PHP cURL) anterior a 2.3.2 permite XSS a través del parámetro clave post_file_path_upload.php y los datos POST en post_multidimensional.php. • https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4455 – sproctor php-calendar index.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-4455
A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. • https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809 https://vuldb.com/?id.215445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVE-2021-35284
https://notcve.org/view.php?id=CVE-2021-35284
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. Vulnerabilidad de inyección SQL en la función get_user en login_manager.php en rizalafani cms-php v1. • https://github.com/rizalafani/cms-php/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-3972 – Pingkon HMS-PHP adminlogin.php sql injection
https://notcve.org/view.php?id=CVE-2022-3972
A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. • https://github.com/Pingkon/HMS-PHP/issues/1 https://vuldb.com/?id.213551 • CWE-707: Improper Neutralization •
CVE-2022-3973 – Pingkon HMS-PHP Data Pump Metadata admin.php sql injection
https://notcve.org/view.php?id=CVE-2022-3973
A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Pingkon/HMS-PHP/issues/1 https://vuldb.com/?id.213552 • CWE-707: Improper Neutralization •