Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
code injection vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2014-1632
htdocs/setup/index.php in Eventum prior to 2.3.5 allows remote malicious users to inject and execute arbitrary PHP code via the hostname parameter.
Eventum Project Eventum
1 EDB exploit
9.8
CVSSv3
CVE-2012-1495
install/index.php in WebCalendar prior to 1.2.5 allows remote malicious users to execute arbitrary code via the form_single_user_login parameter.
Webcalendar Project Webcalendar
2 EDB exploits
1 Github repository
NA
CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x prior to 3.3.10.2 and 3.4.x prior to 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote malicious users to modify the SESSION superglob...
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.1.5
Phpmyadmin Phpmyadmin 3.1.1
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.2.0
2 EDB exploits
NA
CVE-2011-2506
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x prior to 3.3.10.2 and 3.4.x prior to 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote malicious users to conduct static code injection attacks by leveraging the ability to modi...
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.1.5
Phpmyadmin Phpmyadmin 3.1.1
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.2.0
2 EDB exploits
8.8
CVSSv3
CVE-2021-32924
Invision Community (aka IPS Community Suite) prior to 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
Invisioncommunity Ips Community Suite
NA
CVE-2012-6046
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote malicious users to inject arbitrary PHP code into horad.php via the code parameter.
Phpenter Php Enter -
1 EDB exploit
NA
CVE-2009-2284
Cross-site scripting (XSS) vulnerability in phpMyAdmin prior to 3.2.0.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted SQL bookmark.
Phpmyadmin Phpmyadmin 2.0.2
Phpmyadmin Phpmyadmin 2.0.5
Phpmyadmin Phpmyadmin 2.10.2
Phpmyadmin Phpmyadmin 2.10.0.0
Phpmyadmin Phpmyadmin 2.10.1.0
Phpmyadmin Phpmyadmin 2.10.2.0
Phpmyadmin Phpmyadmin 2.10.3.0
Phpmyadmin Phpmyadmin 2.11.1.0
Phpmyadmin Phpmyadmin 2.11.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 2.11.3.0
Phpmyadmin Phpmyadmin 2.11.3
Phpmyadmin Phpmyadmin 2.11.7.0
Phpmyadmin Phpmyadmin 2.11.6rc1
Phpmyadmin Phpmyadmin 2.11.6
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 2.11.9.2
Phpmyadmin Phpmyadmin 2.2.0 Pre1
Phpmyadmin Phpmyadmin 2.2.2
Phpmyadmin Phpmyadmin 2.2.4
Phpmyadmin Phpmyadmin 2.2.6
Phpmyadmin Phpmyadmin 2.2 Rc3
NA
CVE-2009-2735
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Sun-jester Opennews 1.0
1 EDB exploit
NA
CVE-2007-0340
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
Thwboard Thwboard
1 EDB exploit
9.8
CVSSv3
CVE-2022-31056
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in...
Glpi-project Glpi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »