CVE-2020-20583
A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information. Date published : 2021-07-08 https://github.com/0xyu/PHP_Learning/issues/1
A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. Date published : 2021-07-08 https://github.com/sansanyun/mipcms5/issues/5
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. Date published : 2021-07-08 http://pbootcms.com https://github.com/hnaoyun/PbootCMS
Mikrotik RouterOS before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. Date...
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user’s photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." Date published : 2021-07-08 https://github.com/thinksaas/ThinkSAAS/issues/19
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. Date published : 2021-07-07 https://github.com/MISP/MISP/commit/01521d614cb578de75a406394b4f0426f6036ba7 https://github.com/MISP/MISP/compare/v2.4.145...v2.4.146
In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into a user's browser via the Web application. Date published : 2021-07-07 http://teradici.com https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4
A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior. Date published :...
A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior. Date published :...
A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and prior. Date published : 2021-07-07 Vulnerability...
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This...
A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This...
A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing...
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0...