Page 7 of 1243 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. • https://github.com/OpenCycleCompass/server-php/commit/fa0d9bcf81c711a88172ad0d37a842f029ac3782 https://vuldb.com/?ctiid.221808 https://vuldb.com/?id.221808 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR. • https://git.sr.ht/~fkooman/php-saml-sp/commit/851f75b298a77e62d9022f1b170f662f5f7716d6 https://git.sr.ht/~fkooman/php-saml-sp/log • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. • https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/%2C https://projectworlds.in/wp-content/uploads/2020/05/PHP-Doctor-Appointment-System.zip https://www.exploit-db.com/exploits/49059 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. • https://github.com/PHPFusion/PHPFusion/commit/7b8df6925cc7cfd8585d4f34d9120ff3a2e5753e https://github.com/PHPFusion/PHPFusion/issues/2351 •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification. • https://bugs.php.net/bug.php?id=81746 https://security.netapp.com/advisory/ntap-20230517-0001 https://access.redhat.com/security/cve/CVE-2023-0568 https://bugzilla.redhat.com/show_bug.cgi?id=2170770 • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •