Vulmon
php php vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-36994
In TravianZ 8.3.4 and 8.3.3, incorrect access control in the installation script allows a malicious user to overwrite the server configuration and inject PHP code.
Travianz Project Travianz 8.3.4
Travianz Project Travianz 8.3.3
9.8
CVSSv3
CVE-2020-22153
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote malicious user to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
Thedaylightstudio Fuel Cms 1.4.6
9.8
CVSSv3
CVE-2020-18432
File Upload vulnerability in SEMCMS PHP 3.7 allows remote malicious users to upload arbitrary files and gain escalated privileges.
Sem-cms Semcms 3.7
9.8
CVSSv3
CVE-2023-34487
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.
Online Hotel Management System Project Online Hotel Management System 1.0.0
1 Github repository
9.8
CVSSv3
CVE-2023-33592
Lost and Found Information System v1.0 contains a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
Oretnom23 Lost And Found Information System 1.0
1 Github repository
9.8
CVSSv3
CVE-2023-2068
The File Manager Advanced Shortcode WordPress plugin up to and including 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst cas...
Advancedfilemanager File Manager Advanced Shortcode
9.8
CVSSv3
CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a rem...
Webklex Php-imap
9.8
CVSSv3
CVE-2023-2278
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated malicious users to include and execute arbitrary files on the server, allowing the e...
Wpdirectorykit Wp Directory Kit
9.8
CVSSv3
CVE-2023-34581
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2
Oretnom23 Service Provider Management System 1.0
9.8
CVSSv3
CVE-2020-36718
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated malicious users to inject a PHP Objec...
Ninjateam Gpdr Ccpa Compliance Support