Overview A significant security vulnerability, identified as CVE-2025-63918, has been discovered in PDFPatcher. This vulnerability allows attackers to perform directory traversal attacks due to insufficient validation of user-supplied file paths. This flaw enables malicious actors to upload arbitrary files to arbitrary locations on the system where PDFPatcher is installed, potentially leading to severe consequences. Technical Details The root cause of this vulnerability lies in the PDFPatcher executable’s failure to properly sanitize or validate file paths provided by the user. Specifically, the application does not adequately prevent the use of “..” sequences or other path manipulation techniques when handling file upload…
-
-
Published: 2025-11-17T17:15:51.207 Overview CVE-2025-63917 identifies a critical XML External Entity (XXE) vulnerability affecting PDFPatcher versions up to and including 1.1.3.4663. This flaw resides within the application’s XML bookmark import functionality and stems from the improper handling of external entities during XML parsing. By exploiting this vulnerability, attackers can potentially read arbitrary files from the victim’s system, exfiltrate sensitive data, perform Server-Side Request Forgery (SSRF) attacks, or trigger denial-of-service conditions. Technical Details The root cause of CVE-2025-63917 lies in PDFPatcher’s use of the .NET XmlDocument class without disabling external entity resolution. This default configuration allows the application to process external entities…
-
Overview A high-severity SQL injection vulnerability, identified as CVE-2025-62519, has been discovered in phpMyFAQ, an open-source FAQ web application. This vulnerability affects versions prior to 4.0.14 and allows a privileged user with ‘Configuration Edit’ permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database. It is crucial to update to version 4.0.14 immediately to mitigate this risk. Technical Details The SQL injection flaw resides in the main configuration update functionality. Specifically, a privileged user possessing ‘Configuration Edit’ permissions can manipulate input parameters in a way that allows them to inject malicious SQL code.…
-
Overview CVE-2025-58410 is a critical vulnerability discovered in certain GPU drivers, allowing a non-privileged user to gain unintended write access to memory buffers that are intended to be read-only. This potentially allows for privilege escalation and other malicious activities. Technical Details The vulnerability stems from improper handling of memory protections for buffer resources within the GPU driver. Specifically, software installed and run as a non-privileged user may conduct improper GPU system calls. These calls bypass intended security mechanisms, granting write permissions to memory buffers that are designated as read-only. The root cause is a flaw in how the driver manages…
-
Overview A high-severity SQL injection vulnerability, identified as CVE-2025-13319, has been discovered in Digi On-Prem Manager. This vulnerability allows an attacker with valid API tokens to inject arbitrary SQL commands via crafted input to the API. It’s important to note that the API feature is not enabled by default, and a valid API token is required for successful exploitation. Technical Details The vulnerability resides within the API feature of Digi On-Prem Manager. Specifically, the application fails to properly sanitize user-supplied input when processing API requests. This allows an attacker with a valid API token to craft malicious SQL queries that…
-
Overview CVE-2025-13291 describes a high-severity SQL injection vulnerability discovered in Campcodes Supplier Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands on the underlying database by manipulating the ID argument in the /manufacturer/confirm_order.php file. This could lead to data breaches, modification, or deletion. Technical Details The vulnerability resides in the /manufacturer/confirm_order.php file. The application fails to properly sanitize user-supplied input passed via the ID parameter. Specifically, the application directly incorporates the ID parameter into an SQL query without adequate escaping or parameterization. This allows an attacker to inject malicious SQL code. The exploit is…
-
Overview CVE-2025-13290 identifies a medium-severity SQL injection vulnerability affecting the Simple Food Ordering System version 1.0. This flaw allows a remote attacker to execute arbitrary SQL commands by manipulating the ID parameter in the /saveorder.php file. The vulnerability is publicly known and an exploit is available, increasing the risk of exploitation. Technical Details The SQL injection vulnerability exists due to insufficient sanitization of user-supplied input passed to the ID parameter within the /saveorder.php file. By injecting malicious SQL code into this parameter, an attacker can potentially: Bypass authentication mechanisms. Read sensitive data from the database (e.g., user credentials, order details,…
-
Overview CVE-2025-13193 is a medium-severity vulnerability found in libvirt, a virtualization management library. This flaw allows unprivileged users to potentially access sensitive information from guest operating systems. The vulnerability stems from the incorrect creation of external inactive snapshots for shut-down virtual machines as world-readable. This unintended exposure enables unauthorized users to inspect the contents of the guest OS images. Technical Details The issue arises when libvirt creates external snapshots of VMs that are already shut down. Instead of restricting permissions appropriately, these snapshots are inadvertently created with world-readable permissions. This means that any user on the system with access to…
-
Overview CVE-2024-46336 identifies a Cross-Site Scripting (XSS) vulnerability present in kashipara School Management System version 1.0. This vulnerability allows attackers to inject malicious scripts into the application, potentially compromising user accounts, stealing sensitive information, or defacing the website. The vulnerability exists within the /client_user/feedback.php file. Technical Details The kashipara School Management System 1.0 suffers from a reflected XSS vulnerability. Specifically, the feedback.php page within the /client_user/ directory does not properly sanitize user input before displaying it back to the user. This allows an attacker to craft a malicious URL that, when visited by a user, injects JavaScript code into the…
-
Overview CVE-2024-46334 details a Cross-Site Scripting (XSS) vulnerability found in Kashipara School Management System version 1.0. This vulnerability allows attackers to inject malicious scripts into the application through the formuser and formpassword parameters in the /adminLogin.php file. Successful exploitation of this vulnerability can lead to account hijacking, data theft, and other malicious activities. Technical Details The vulnerability resides in the /adminLogin.php script, specifically in how user input from the formuser and formpassword parameters is handled. The application fails to properly sanitize or encode this input before displaying it in the application’s context. This allows an attacker to inject arbitrary JavaScript…