Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-42645
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
Cmsimple-xh Cmsimple Xh 1.7.4
10
CVSSv2
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine up to and including 10.0r8a allows malicious users to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to ...
Extremenetworks Aerohive Netconfig
Extremenetworks Aerohive Netconfig 10.0r8a
1 Metasploit module
2 Github repositories
10
CVSSv2
CVE-2021-42077
PHP Event Calendar prior to 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database sys...
Kaysongroup Php Event Calendar
10
CVSSv2
CVE-2021-42669
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by a...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
10
CVSSv2
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
Projectsend Projectsend R1295
10
CVSSv2
CVE-2020-13873
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum prior to 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and exec...
Codologic Codoforum
10
CVSSv2
CVE-2021-3120
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin prior to 3.3.1 for WordPress allows remote malicious users to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnera...
Yithemes Yith Woocommerce Gift Cards
10
CVSSv2
CVE-2021-25294
OpenCATS up to and including 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can lev...
Opencats Opencats
10
CVSSv2
CVE-2020-28130
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
Online Library Management System Project Online Library Management System 1.0
10
CVSSv2
CVE-2020-27976
osCommerce Phoenix CE prior to 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
Oscommerce Oscommerce
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »