>> TAG: #0day

Processwire CMS 2.4.0 – ‘download’ Local File Inclusion

School Log Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution

Student Attendance Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution

Multi Restaurant Table Reservation System 1.0 – ‘table_id’ Unauthenticated SQL Injection

Exploit Title: Complaints Report Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution

Apache Flink 1.9.x – File Upload RCE (Unauthenticated)

WordPress Plugin Simple File List 5.4 – Arbitrary File Upload

CSE Bookstore 1.0 – ‘quantity’ Persistent Cross-site Scripting

DedeCMS v.5.8 – “keyword” Cross-Site Scripting

Citadel WebCit < 926 – Session Hijacking Exploit