This issue affects some unknown processing of the file index.php. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. The associated identifier of this vulnerability is VDB-256035. The exploit has been disclosed to the public and may be used. It is possible to initiate the attack remotely. The manipulation leads to inclusion of sensitive information in source code. This affects an unknown part of the file login.sql. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. The associated identifier of this vulnerability is VDB-256315. The exploitation appears to be difficult. The complexity of an attack is rather high. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. Users are recommended to upgrade to version 18.12.12, that fixes the issue. A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Possible path traversal in Apache OFBiz allowing file inclusion. There are no known workarounds for this vulnerability. This issue has been addressed in version 10.10.0. Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). When reaching the /files page, a JWT is passed via GET request. Directus is a real-time API and App dashboard for managing SQL database content.