Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

php to page project php to page vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file ...
Php To Page Project Php To Page
4.3
CVSSv2
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, ...
Php Event Calendar Project Php Event Calendar 2021-11-04
NA
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows malicious users to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Extended Keccak Code Package Project Extended Keccak Code Package -Debian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 35Fedoraproject Fedora 36Php PhpPython PythonSha3 Project Sha3Pysha3 Project Pysha3Pypy Pypy
8.5
CVSSv2
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, wh...
Php PhpDebian Debian Linux 8.0Debian Debian Linux 9.0Uw-imap Project Uw-imap 2007fCanonical Ubuntu Linux 18.04Canonical Ubuntu Linux 19.04Canonical Ubuntu Linux 16.04
NA
CVE-2023-36992
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote malicious users to execute PHP code.
Travianz Project Travianz 8.3.4Travianz Project Travianz 8.3.3
6.5
CVSSv2
CVE-2022-30007
GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.
Gxcms Project Gxcms 1.5
5.5
CVSSv2
CVE-2018-15185
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote malicious users to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field.
Naukri Clone Script Project Naukri Clone Script 3.0.4
NA
CVE-2023-30106
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.
Medicine Tracker System Project Medicine Tracker System 1.0
NA
CVE-2022-44278
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.
Sanitization Management System Project Sanitization Management System 1.0
NA
CVE-2022-44294
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.
Sanitization Management System Project Sanitization Management System 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673CVE-2024-36674CVE-2024-27348unspecifiedCVE-2024-24919CVE-2024-4870malicious code‎CVE-2024-2019hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook