Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 4.0.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0340
The Custom Content Shortcode WordPress plugin up to and including 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files ...
Custom Content Shortcode Project Custom Content Shortcode
NA
CVE-2023-0255
The Enable Media Replace WordPress plugin prior to 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
Shortpixel Enable Media Replace
1 Github repository
4
CVSSv2
CVE-2021-24825
The Custom Content Shortcode WordPress plugin prior to 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well...
Custom Content Shortcode Project Custom Content Shortcode
6.5
CVSSv2
CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user p...
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
7.5
CVSSv2
CVE-2019-19919
Versions of handlebars before 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an malicious user to execute arbitrary code through crafted payloads.
Handlebars.js Project Handlebars.js 1.0.6
Handlebars.js Project Handlebars.js 1.0.7
Handlebars.js Project Handlebars.js 1.0.8
Handlebars.js Project Handlebars.js 1.0.9
Handlebars.js Project Handlebars.js 1.0.10
Handlebars.js Project Handlebars.js 1.0.11
Handlebars.js Project Handlebars.js 1.0.12
Handlebars.js Project Handlebars.js 1.1.0
Handlebars.js Project Handlebars.js 1.1.1
Handlebars.js Project Handlebars.js 1.1.2
Handlebars.js Project Handlebars.js 1.2.0
Handlebars.js Project Handlebars.js 1.2.1
Handlebars.js Project Handlebars.js 1.3.0
Handlebars.js Project Handlebars.js 2.0.0
Handlebars.js Project Handlebars.js 3.0.0
Handlebars.js Project Handlebars.js 3.0.1
Handlebars.js Project Handlebars.js 3.0.2
Handlebars.js Project Handlebars.js 3.0.3
Handlebars.js Project Handlebars.js 4.0.0
Handlebars.js Project Handlebars.js 4.0.1
Handlebars.js Project Handlebars.js 4.0.2
Handlebars.js Project Handlebars.js 4.0.3
6.5
CVSSv2
CVE-2014-9619
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper prior to 3.1.10, 4.0.x prior to 4.0.9, and 4.1.x prior to 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP c...
Netsweeper Netsweeper 4.0.7
Netsweeper Netsweeper 4.0.5
Netsweeper Netsweeper 4.0.3
Netsweeper Netsweeper 4.0.2
Netsweeper Netsweeper 4.0.1
Netsweeper Netsweeper 4.0.0
Netsweeper Netsweeper 4.0.8
Netsweeper Netsweeper 4.0.6
Netsweeper Netsweeper 4.0.4
Netsweeper Netsweeper
Netsweeper Netsweeper 4.1.1
Netsweeper Netsweeper 4.1.0
1 EDB exploit
4
CVSSv2
CVE-2017-1002024
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
Kindsoft Kind Editor 4.1.11
Kindsoft Kind Editor 4.1.9
Kindsoft Kind Editor 4.1.2
Kindsoft Kindeditor 4.1.12
Kindsoft Kind Editor 4.0.5
Kindsoft Kind Editor 4.0.4
Kindsoft Kind Editor 4.0.3
Kindsoft Kind Editor 4.0.2
Kindsoft Kind Editor 4.1.10
Kindsoft Kind Editor 4.1.8
Kindsoft Kind Editor 4.1.3
Kindsoft Kind Editor 4.1.1
Kindsoft Kind Editor 4.0.6
Kindsoft Kind Editor 4.0.1
Kindsoft Kind Editor
Kindsoft Kind Editor 4.1.7
Kindsoft Kind Editor 4.1.6
Kindsoft Kind Editor 4.1.5
Kindsoft Kind Editor 4.1.4
Kindsoft Kind Editor 4.1
Kindsoft Kind Editor 4.0
6.5
CVSSv2
CVE-2017-10993
Contao prior to 3.5.28 and 4.x prior to 4.4.1 allows remote malicious users to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Contao Contao Cms 4.3.1
Contao Contao Cms 4.3.2
Contao Contao Cms 4.3.3
Contao Contao Cms 4.3.5
Contao Contao Cms 4.2.0
Contao Contao Cms 4.1.1
Contao Contao Cms
Contao Contao Cms 4.3.10
Contao Contao Cms 4.3.11
Contao Contao Cms 4.3.0
Contao Contao Cms 4.1.0
Contao Contao Cms 4.0.1
Contao Contao Cms 4.0.2
Contao Contao Cms 4.0.3
Contao Contao Cms 4.4.0
Contao Contao Cms 4.3.6
Contao Contao Cms 4.3.8
Contao Contao Cms 4.2.2
Contao Contao Cms 4.2.4
Contao Contao Cms 4.1.3
Contao Contao Cms 4.0.4
Contao Contao Cms 4.0.0
4.3
CVSSv2
CVE-2017-5963
An issue exists in caddy (for TYPO3) prior to 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php"...
Caddy Project Caddy 2.1.4
Caddy Project Caddy 4.0.1
Caddy Project Caddy 4.0.3
Caddy Project Caddy 6.0.1
Caddy Project Caddy 6.1.0
Caddy Project Caddy 6.3.0
Caddy Project Caddy 6.0.2
Caddy Project Caddy 6.0.9
Caddy Project Caddy 6.0.12
Caddy Project Caddy 6.0.14
Caddy Project Caddy 2.1.5
Caddy Project Caddy 2.1.6
Caddy Project Caddy 3.0.0
Caddy Project Caddy 4.0.0
Caddy Project Caddy 6.3.3
Caddy Project Caddy 7.0.0
Caddy Project Caddy 7.1.0
Caddy Project Caddy 7.2.7
Caddy Project Caddy 4.0.2
Caddy Project Caddy 4.0.12
Caddy Project Caddy 6.2.1
Caddy Project Caddy 6.3.1
6.5
CVSSv2
CVE-2016-6609
An issue exists in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (before 4.6.4), 4.4.x versions (before 4.4.15.8), and 4.0.x versions (before 4.0.10.17) are affected.
Phpmyadmin Phpmyadmin 4.4.15.7
Phpmyadmin Phpmyadmin 4.4.15.6
Phpmyadmin Phpmyadmin 4.4.14
Phpmyadmin Phpmyadmin 4.4.13.1
Phpmyadmin Phpmyadmin 4.4.7
Phpmyadmin Phpmyadmin 4.4.6.1
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.0
Phpmyadmin Phpmyadmin 4.4.15.2
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.10
Phpmyadmin Phpmyadmin 4.4.4
Phpmyadmin Phpmyadmin 4.4.3
Phpmyadmin Phpmyadmin 4.4.15.5
Phpmyadmin Phpmyadmin 4.4.15.4
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.13
Phpmyadmin Phpmyadmin 4.4.12
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.15
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »