Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-36132
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
Phpjabbers Availability Booking Calendar 5.0
9.8
CVSSv3
CVE-2022-44354
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
Contec Solarview Compact Firmware 5.0
Contec Solarview Compact Firmware 4.0
9.8
CVSSv3
CVE-2015-8980
The plural form formula in ngettext family of calls in php-gettext prior to 1.0.12 allows remote malicious users to execute arbitrary code.
Php-gettext Project Php-gettext
Opensuse Leap 42.2
Opensuse Leap 42.1
Redhat Enterprise Linux 5.0
Fedoraproject Fedora 24
9.8
CVSSv3
CVE-2019-14746
A issue exists in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
Kuaifan Kuaifancms 5.0
9.8
CVSSv3
CVE-2018-20148
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
2 Github repositories
8.8
CVSSv3
CVE-2022-2594
The Advanced Custom Fields WordPress plugin prior to 5.12.3, Advanced Custom Fields Pro WordPress plugin prior to 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnera...
Advancedcustomfields Advanced Custom Fields
8.8
CVSSv3
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote authenticated malicious users to execute arbitrary PHP code on the server as the user running the application.
Invigo Automatic Device Management
8.8
CVSSv3
CVE-2019-8942
WordPress prior to 4.9.9 and 5.x prior to 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by upl...
Wordpress Wordpress 5.0
Wordpress Wordpress
Debian Debian Linux 9.0
2 EDB exploits
7 Github repositories
7.5
CVSSv3
CVE-2021-32050
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an...
Mongodb C\\+\\+
Mongodb Node.js
Mongodb Swift Driver
Mongodb Php Driver
Mongodb C Driver
7.5
CVSSv3
CVE-2022-31157
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are cur...
Packback Lti 1.3 Tool Library
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »