Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin up to and including 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malic...
Kaswara Project Kaswara
1 Github repository
1 Article
9.8
CVSSv3
CVE-2019-19919
Versions of handlebars before 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an malicious user to execute arbitrary code through crafted payloads.
Handlebars.js Project Handlebars.js 1.0.6
Handlebars.js Project Handlebars.js 1.0.7
Handlebars.js Project Handlebars.js 1.0.8
Handlebars.js Project Handlebars.js 1.0.9
Handlebars.js Project Handlebars.js 1.0.10
Handlebars.js Project Handlebars.js 1.0.11
Handlebars.js Project Handlebars.js 1.0.12
Handlebars.js Project Handlebars.js 1.1.0
Handlebars.js Project Handlebars.js 1.1.1
Handlebars.js Project Handlebars.js 1.1.2
Handlebars.js Project Handlebars.js 1.2.0
Handlebars.js Project Handlebars.js 1.2.1
Handlebars.js Project Handlebars.js 1.3.0
Handlebars.js Project Handlebars.js 2.0.0
Handlebars.js Project Handlebars.js 3.0.0
Handlebars.js Project Handlebars.js 3.0.1
Handlebars.js Project Handlebars.js 3.0.2
Handlebars.js Project Handlebars.js 3.0.3
Handlebars.js Project Handlebars.js 4.0.0
Handlebars.js Project Handlebars.js 4.0.1
Handlebars.js Project Handlebars.js 4.0.2
Handlebars.js Project Handlebars.js 4.0.3
9.8
CVSSv3
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 2.8.2
9.8
CVSSv3
CVE-2016-5873
Buffer overflow in the HTTP URL parsing functions in pecl_http prior to 3.0.1 might allow remote malicious users to execute arbitrary code via non-printable characters in a URL.
Php Pecl Http
9.8
CVSSv3
CVE-2016-3154
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Spip Spip 2.1.15
Spip Spip 3.0.3
Spip Spip 2.1.8
Spip Spip 2.0.0
Spip Spip 2.0.3
Spip Spip 2.0.6
Spip Spip 2.0.10
Spip Spip 3.0.8
Spip Spip 3.0.19
Spip Spip 2.1.17
Spip Spip 2.0.19
Spip Spip 2.1.4
Spip Spip 3.0.4
Spip Spip 3.0.7
Spip Spip 2.1.19
Spip Spip 2.0.12
Spip Spip 2.1.2
Spip Spip 2.0.16
Spip Spip 2.1.18
Spip Spip 2.1.5
Spip Spip 2.1.13
Spip Spip 2.1.16
9.8
CVSSv3
CVE-2016-3153
SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Spip Spip 2.1.15
Spip Spip 3.0.3
Spip Spip 2.1.8
Spip Spip 2.0.0
Spip Spip 2.0.3
Spip Spip 2.0.6
Spip Spip 2.0.10
Spip Spip 3.0.8
Spip Spip 3.0.19
Spip Spip 2.1.17
Spip Spip 2.0.19
Spip Spip 2.1.4
Spip Spip 3.0.4
Spip Spip 3.0.7
Spip Spip 2.0.12
Spip Spip 2.1.2
Spip Spip 2.0.16
Spip Spip 2.1.18
Spip Spip 2.1.5
Spip Spip 2.1.13
8.8
CVSSv3
CVE-2023-3343
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions a...
Wpeverest User Registration
8.8
CVSSv3
CVE-2018-20641
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
Entrepreneur Job Portal Script Project Entrepreneur Job Portal Script 3.0.1
7.8
CVSSv3
CVE-2015-5723
Doctrine Annotations prior to 1.2.7, Cache prior to 1.3.2 and 1.4.x prior to 1.4.2, Common prior to 2.4.3 and 2.5.x prior to 2.5.1, ORM prior to 2.4.8 or 2.5.x prior to 2.5.1, MongoDB ODM prior to 1.0.2, and MongoDB ODM Bundle prior to 3.0.1 use world-writable permissions for cac...
Zend Zend-cache 2.5.1
Zend Zend-cache 2.5.0
Zend Zend-cache 2.5.2
Zend Zend-cache
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Doctrine-project Object Relational Mapper 2.5.0
Doctrine-project Object Relational Mapper
Doctrine-project Doctrinemongodbbundle 3.0.0
Zend Zend Framework
Doctrine-project Common
Doctrine-project Common 2.5.0
Doctrine-project Annotations
Doctrine-project Mongodb-odm
Doctrine-project Cache 1.4.0
Doctrine-project Cache 1.4.1
Doctrine-project Cache
Zend Zf-apigility-doctrine
1 Github repository
7.2
CVSSv3
CVE-2022-33900
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
Sandhillsdev Easy Digital Downloads
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »