Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php to page project php to page vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file ...
Php To Page Project Php To Page
4.3
CVSSv2
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, ...
Php Event Calendar Project Php Event Calendar 2021-11-04
NA
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows malicious users to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Extended Keccak Code Package Project Extended Keccak Code Package -
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Php Php
Python Python
Sha3 Project Sha3
Pysha3 Project Pysha3
Pypy Pypy
1 Github repository
8.5
CVSSv2
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, wh...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Uw-imap Project Uw-imap 2007f
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
4 Github repositories
NA
CVE-2023-36992
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote malicious users to execute PHP code.
Travianz Project Travianz 8.3.4
Travianz Project Travianz 8.3.3
6.5
CVSSv2
CVE-2022-30007
GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.
Gxcms Project Gxcms 1.5
5.5
CVSSv2
CVE-2018-15185
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote malicious users to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field.
Naukri Clone Script Project Naukri Clone Script 3.0.4
NA
CVE-2023-30106
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.
Medicine Tracker System Project Medicine Tracker System 1.0
NA
CVE-2022-44278
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.
Sanitization Management System Project Sanitization Management System 1.0
NA
CVE-2022-44294
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.
Sanitization Management System Project Sanitization Management System 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »