Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-5407
A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote malicious user to perform a reverse shell on the remote system, compromising the entire infrastructure.
5.4
CVSSv3
CVE-2023-44075
Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the Address parameter.
Small Crm Project Small Crm 3.0
6.1
CVSSv3
CVE-2023-41538
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
Phpjabbers Php Forum Script 3.0
1 Github repository
9.8
CVSSv3
CVE-2023-40759
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Restaurant Booking Script 3.0
9.8
CVSSv3
CVE-2023-40764
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Car Rental Script 3.0
9.8
CVSSv3
CVE-2015-10097
A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. T...
Grinnellplans Grinnellplans
8.8
CVSSv3
CVE-2021-24890
The Scripts Organizer WordPress plugin prior to 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbit...
Dplugins Scripts Organizer
6.1
CVSSv3
CVE-2022-31109
laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the ho...
Getlaminas Laminas-diactoros
7.2
CVSSv3
CVE-2022-26607
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 exists to allow malicious users to execute arbitrary code via uploading a crafted PHP file.
Baigo Baigo Cms 3.0
7.5
CVSSv3
CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Storagegrid -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Cloud Volumes Ontap Mediator -
Netapp A250 Firmware -
Netapp 500f Firmware -
Fedoraproject Fedora 34
Fedoraproject Fedora 36
Tenable Nessus
Mariadb Mariadb
Nodejs Node.js
10 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »