CVE-2015-10086 – OpenCycleCompass server-php login.php sql injection
https://notcve.org/view.php?id=CVE-2015-10086
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. • https://github.com/OpenCycleCompass/server-php/commit/fa0d9bcf81c711a88172ad0d37a842f029ac3782 https://vuldb.com/?ctiid.221808 https://vuldb.com/?id.221808 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-26267
https://notcve.org/view.php?id=CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR. • https://git.sr.ht/~fkooman/php-saml-sp/commit/851f75b298a77e62d9022f1b170f662f5f7716d6 https://git.sr.ht/~fkooman/php-saml-sp/log • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2020-29168
https://notcve.org/view.php?id=CVE-2020-29168
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. • https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/%2C https://projectworlds.in/wp-content/uploads/2020/05/PHP-Doctor-Appointment-System.zip https://www.exploit-db.com/exploits/49059 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-3172
https://notcve.org/view.php?id=CVE-2021-3172
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. • https://github.com/PHPFusion/PHPFusion/commit/7b8df6925cc7cfd8585d4f34d9120ff3a2e5753e https://github.com/PHPFusion/PHPFusion/issues/2351 •
CVE-2023-0568 – Array overrun in common path resolve code
https://notcve.org/view.php?id=CVE-2023-0568
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification. • https://bugs.php.net/bug.php?id=81746 https://security.netapp.com/advisory/ntap-20230517-0001 https://access.redhat.com/security/cve/CVE-2023-0568 https://bugzilla.redhat.com/show_bug.cgi?id=2170770 • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •