>> TAG: #0day

RiteCMS 3.1.0 – Arbitrary File Deletion (Authenticated)

RiteCMS 3.1.0 – Remote Code Execution (RCE) (Authenticated)

ConnectWise Control 19.2.24707 – Username Enumeration

WordPress Plugin The True Ranker 2.2.2 – Arbitrary File Read (Unauthenticated)

SAFARI Montage 8.5 – Reflected Cross Site Scripting (XSS)

Library System in PHP 1.0 – ‘publisher name’ Stored Cross-Site Scripting (XSS)

Hostel Management System 2.1 – Cross Site Scripting (XSS)

Nettmp NNT 5.1 – SQLi Authentication Bypass

Hospitals Patient Records Management System 1.0 – ‘id’ SQL Injection (Authenticated)

AWebServer GhostBuilding 18 – Denial of Service (DoS)