Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php group php vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2008-4439
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio prior to 1.6.3 allows remote malicious users to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are ...
Martinwood Datafeed Studio
1 EDB exploit
1000
VMScore
CVE-2006-1770
Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote malicious users to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php.
Azerbaijan Development Group Azdgvote 1.0
1 EDB exploit
890
VMScore
CVE-2007-1695
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file che...
Phpbb Group Phpbb 2.0.19
890
VMScore
CVE-2005-2149
config.php in Cacti 0.8.6e and previous versions allows remote malicious users to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
The Cacti Group Cacti 0.8.2
The Cacti Group Cacti 0.8.2a
The Cacti Group Cacti 0.8.6a
The Cacti Group Cacti 0.8.6b
The Cacti Group Cacti 0.8.4
The Cacti Group Cacti 0.8.5
The Cacti Group Cacti 0.8.6e
The Cacti Group Cacti 0.8.3
The Cacti Group Cacti 0.8.3a
The Cacti Group Cacti 0.8.6c
The Cacti Group Cacti 0.8.6d
The Cacti Group Cacti 0.8
The Cacti Group Cacti 0.8.1
The Cacti Group Cacti 0.8.5a
The Cacti Group Cacti 0.8.6
828
VMScore
CVE-2006-3016
Unspecified vulnerability in session.c in PHP prior to 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XS...
Php Group Php
801
VMScore
CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demon...
Zohocorp Manageengine Firewall Analyzer 12.2
770
VMScore
CVE-2004-1315
viewtopic.php in phpBB 2.x prior to 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote malicious users to execute arbitrary PHP code by double-encoding the highlight value so that special characters are insert...
Phpbb Group Phpbb 1.2.0
Phpbb Group Phpbb 1.2.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb
Phpbb Group Phpbb 1.4.2
Phpbb Group Phpbb 1.4.4
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 1.4.0
Phpbb Group Phpbb 1.4.1
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 1.0.0
4 EDB exploits
760
VMScore
CVE-2007-1424
Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote malicious users to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third...
Softnews Media Group Datalife Engine 4.1
Softnews Media Group Datalife Engine 5.5
2 EDB exploits
760
VMScore
CVE-2006-3940
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote malicious users to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-123...
Phpbb Group Phpbb-auction 1.3m
Phpbb Group Phpbb-auction 1.0m
Phpbb Group Phpbb-auction 1.2m
2 EDB exploits
760
VMScore
CVE-2006-3221
SQL injection vulnerability in index.php in DataLife Engine 4.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
Softnews Media Group Datalife Engine
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »