CVE-2022-24663 PHP Code Snippets can be executed via WordPress shortcodes in PHP Everywhere <= 2.0.3.
The snipping functionality was disabled by default in PHP 5.3 and 5.4 due to security issues. If you were using PHP 5.3
CVE-2022-23638 - Security Flaw in svg-sanitizer Library Leads to XSS Attacks
svg-sanitizer is a popular PHP library used for cleaning and validating SVG files. It is commonly integrated in web platforms to ensure that uploaded SVGs
CVE-2022-0557 OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
It has been fixed in version 1.2.12. In older versions, attackers could inject an arbitrary command as GET or POST request parameter by
CVE-2022-22534 - Exploiting SAP NetWeaver Vulnerability to Steal User IDs and Passwords
Summary:
A critical vulnerability, CVE-2022-22534, was discovered in SAP NetWeaver. The flaw is due to insufficient encoding of user input, letting unauthenticated attackers inject code
CVE-2022-0502 - Stored Cross-site Scripting (XSS) in remdex/livehelperchat Prior to 3.93
A critical stored Cross-site Scripting (XSS) vulnerability, tracked as CVE-2022-0502, was discovered in the popular PHP-based live chat software remdex/livehelperchat before version 3.93.