Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 5.0.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-39297
MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, and ultimately leads to the execution of ...
Melistechnology Meliscms
9.8
CVSSv3
CVE-2022-39298
MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, and ultimately leads to t...
Melistechnology Meliscms
8.8
CVSSv3
CVE-2020-19364
OpenEMR 5.0.1 allows an authenticated malicious user to upload and execute malicious PHP scripts through /controller.php.
Open-emr Openemr 5.0.1
1 Github repository
9.8
CVSSv3
CVE-2018-17179
An issue exists in OpenEMR prior to 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
Open-emr Openemr
1 Github repository
9.8
CVSSv3
CVE-2019-10684
Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote malicious users to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter.
74cms 74cms 5.0.1
8.8
CVSSv3
CVE-2019-8942
WordPress prior to 4.9.9 and 5.x prior to 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by upl...
Wordpress Wordpress 5.0
Wordpress Wordpress
Debian Debian Linux 9.0
2 EDB exploits
7 Github repositories
6.5
CVSSv3
CVE-2018-20152
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, authors could bypass intended restrictions on post types via crafted input.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-20147
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.1
CVSSv3
CVE-2018-20150
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.4
CVSSv3
CVE-2018-20153
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »