Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-40759
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Restaurant Booking Script 3.0
9.8
CVSSv3
CVE-2023-40764
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Car Rental Script 3.0
9.8
CVSSv3
CVE-2015-10097
A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. T...
Grinnellplans Grinnellplans
9.8
CVSSv3
CVE-2011-4906
Tiny browser in TinyMCE 3.0 editor in Joomla! prior to 1.5.13 allows file upload and arbitrary PHP code execution.
Tiny Tinybrowser
1 EDB exploit
9.8
CVSSv3
CVE-2018-20477
An issue exists in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
S-cms S-cms 3.0
9.8
CVSSv3
CVE-2018-19290
In modules/HELPBOT_MODULE in Budabot 0.6 up to and including 4.0, lax syntax validation allows remote malicious users to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as dem...
Budabot Budabot
9.8
CVSSv3
CVE-2018-18083
An issue exists in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
Comsenz Duomicms 3.0
9.8
CVSSv3
CVE-2017-17098
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) up to and including 3.0 allows remote malicious users to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_...
Gps-server Gps Tracking Software
1 EDB exploit
9.8
CVSSv3
CVE-2014-8684
CodeIgniter prior to 3.0 and Kohana 3.2.3 and previous versions and 3.3.x up to and including 3.3.2 make it easier for remote malicious users to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators t...
Kohanaframework Kohana 3.3.0
Kohanaframework Kohana 3.3.1
Kohanaframework Kohana 3.2.3
Codeigniter Codeigniter
1 EDB exploit
9.8
CVSSv3
CVE-2016-3154
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Spip Spip 2.1.15
Spip Spip 3.0.3
Spip Spip 2.1.8
Spip Spip 2.0.0
Spip Spip 2.0.3
Spip Spip 2.0.6
Spip Spip 2.0.10
Spip Spip 3.0.8
Spip Spip 3.0.19
Spip Spip 2.1.17
Spip Spip 2.0.19
Spip Spip 2.1.4
Spip Spip 3.0.4
Spip Spip 3.0.7
Spip Spip 2.1.19
Spip Spip 2.0.12
Spip Spip 2.1.2
Spip Spip 2.0.16
Spip Spip 2.1.18
Spip Spip 2.1.5
Spip Spip 2.1.13
Spip Spip 2.1.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »