Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
code injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2012-1495
install/index.php in WebCalendar prior to 1.2.5 allows remote malicious users to execute arbitrary code via the form_single_user_login parameter.
Webcalendar Project Webcalendar
2 EDB exploits
1 Github repository
NA
CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x prior to 3.3.10.2 and 3.4.x prior to 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote malicious users to modify the SESSION superglob...
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.1.5
Phpmyadmin Phpmyadmin 3.1.1
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.2.0
2 EDB exploits
NA
CVE-2011-2506
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x prior to 3.3.10.2 and 3.4.x prior to 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote malicious users to conduct static code injection attacks by leveraging the ability to modi...
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.1.5
Phpmyadmin Phpmyadmin 3.1.1
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.2.0
2 EDB exploits
8.8
CVSSv3
CVE-2021-32924
Invision Community (aka IPS Community Suite) prior to 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
Invisioncommunity Ips Community Suite
NA
CVE-2007-0134
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote malicious users to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vu...
Igeneric Ig Shop 1.0
Igeneric Ig Shop 1.4
1 EDB exploit
NA
CVE-2009-3750
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote malicious users to execute arbitrary SQL commands via the idm parameter.
Santostefano Giovanni Toylog 0.1
1 EDB exploit
NA
CVE-2007-0340
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
Thwboard Thwboard
1 EDB exploit
NA
CVE-2012-6046
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote malicious users to inject arbitrary PHP code into horad.php via the code parameter.
Phpenter Php Enter -
1 EDB exploit
NA
CVE-2010-0726
Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_e...
Tdiary Tdiary 2.1.1
Tdiary Tdiary
Tdiary Tdiary 2.0.1
Tdiary Tdiary 2.0.2
Tdiary Tdiary 2.0.3
Tdiary Tdiary 2.1.4.2006-11-15
NA
CVE-2010-2336
index.php in Yamamah Photo Gallery 1.00 allows remote malicious users to obtain the source code of executable files within the web document root via the download parameter.
Yamamah Yamamah 1.00
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »