Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-34487
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.
Online Hotel Management System Project Online Hotel Management System 1.0.0
1 Github repository
9.8
CVSSv3
CVE-2023-33592
Lost and Found Information System v1.0 exists to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
Oretnom23 Lost And Found Information System 1.0
1 Github repository
9.8
CVSSv3
CVE-2023-2068
The File Manager Advanced Shortcode WordPress plugin up to and including 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst cas...
Advancedfilemanager File Manager Advanced Shortcode
9.8
CVSSv3
CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a rem...
Webklex Php-imap
9.8
CVSSv3
CVE-2023-2278
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated malicious users to include and execute arbitrary files on the server, allowing the e...
Wpdirectorykit Wp Directory Kit
9.8
CVSSv3
CVE-2023-34581
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2
Oretnom23 Service Provider Management System 1.0
9.8
CVSSv3
CVE-2020-36718
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated malicious users to inject a PHP Objec...
Ninjateam Gpdr Ccpa Compliance Support
9.8
CVSSv3
CVE-2020-36726
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated malicious users to inject a PHP Object. No POP chain is pre...
Etoilewebdesign Ultimate Reviews
9.8
CVSSv3
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially mak...
Xyzscripts Newsletter Manager
9.8
CVSSv3
CVE-2023-3059
A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotel...
Online Exam Form Submission Project Online Exam Form Submission 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »