![]() NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Ī vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. The identifier of this vulnerability is VDB-235964. ![]() The manipulation of the argument index leads to cross site scripting. Affected by this issue is some unknown functionality of the file /index.php. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.Ī vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |