Solonbarroso

#11266of 53,624
24.4Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2025-52343
5.4
2025-12-18
Unknown · Phpmsadmin · CVE-2025-63947
**Name of the Vulnerable Software and Affected Versions** phpMsAdmin version 2.2 **Description** A Reflected Cross-Site Scripting (XSS) issue exists in the `database mode.php` file. After a user is authenticated, an attacker can execute arbitrary web script or HTML via the `dbname` parameter. **Recommendations** Update to a newer version that contains a fix for this vulnerability.
PT-2025-52344
5.4
2025-12-18
Unknown · Phpmsadmin · CVE-2025-63948
**Name of the Vulnerable Software and Affected Versions** phpMsAdmin version 2.2 **Description** A SQL Injection issue exists in the `database mode.php` file. An attacker can execute arbitrary SQL commands via the `dbname` parameter, potentially leading to information disclosure or database manipulation. **Recommendations** Update phpMsAdmin to a newer version that addresses this issue. As a temporary workaround, restrict access to the `database mode.php` file or carefully sanitize the `dbname` parameter to prevent SQL injection attacks.
PT-2025-52345
6.1
2025-12-18
Yohanawi · Hotel Management System · CVE-2025-63949
**Name of the Vulnerable Software and Affected Versions** yohanawi Hotel Management System version 87e004a **Description** A Reflected Cross-Site Scripting (XSS) issue exists in yohanawi Hotel Management System. This allows a remote attacker to execute arbitrary web script through the `error` parameter in the 'pages/room.php' file. The vulnerable parameter is `error`. The affected API endpoint is '/pages/room.php'. **Recommendations** Apply the fix for version 87e004a. As a temporary workaround, sanitize the `error` parameter in the '/pages/room.php' file to prevent the execution of arbitrary web scripts.
PT-2025-52347
7.5
2025-12-18
Miczflor · Rpi-Jukebox-Rfid · CVE-2025-63951
**Name of the Vulnerable Software and Affected Versions** MiczFlor RPi-Jukebox-RFID versions prior to commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07) **Description** An insecure deserialization issue exists in the `rss-mp3.php` script. The `rss` GET parameter receives data that is directly passed to the `unserialize()` function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, potentially leading to errors or a denial of service. The `unserialize()` function is a PHP function used to convert a serialized string into an object. Without proper validation, it can be exploited to execute arbitrary code. **Recommendations** Versions prior to commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07) should be updated.