Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.4 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-17418
Monstra CMS 3.0.4 allows remote malicious users to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
Monstra Monstra 3.0.4
7.2
CVSSv3
CVE-2018-15886
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows malicious users to execute arbitrary PHP code by placing this code after a <?php su...
Monstra Monstra 3.0.4
6.5
CVSSv3
CVE-2018-15185
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote malicious users to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field.
Naukri Clone Script Project Naukri Clone Script 3.0.4
5.4
CVSSv3
CVE-2018-15184
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795.
Naukri Clone Script Project Naukri Clone Script 3.0.4
8.8
CVSSv3
CVE-2018-9037
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
Monstra Monstra 3.0.4
9.8
CVSSv3
CVE-2018-7477
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
School Management Script Project School Management Script 3.0.4
1 EDB exploit
8.8
CVSSv3
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
8.8
CVSSv3
CVE-2017-18048
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Monstra Monstra 3.0.4
9.8
CVSSv3
CVE-2016-2403
Symfony prior to 2.8.6 and 3.x prior to 3.0.6 allows remote malicious users to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Sensiolabs Symfony 2.8.1
Sensiolabs Symfony 2.8.2
Sensiolabs Symfony 2.8.3
Sensiolabs Symfony 3.0.4
Sensiolabs Symfony 3.0.5
Sensiolabs Symfony 2.8.4
Sensiolabs Symfony 2.8.5
Sensiolabs Symfony 3.0.0
Sensiolabs Symfony 3.0.1
Sensiolabs Symfony 2.8.0
Sensiolabs Symfony 3.0.2
Sensiolabs Symfony 3.0.3
9.8
CVSSv3
CVE-2016-3153
SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Spip Spip 3.0.0
Spip Spip 3.0.9
Spip Spip 3.0.8
Spip Spip 3.0.7
Spip Spip 2.1.6
Spip Spip 2.1.5
Spip Spip 2.1.4
Spip Spip 2.1.3
Spip Spip 2.0.8
Spip Spip 3.1.0
Spip Spip 3.0.20
Spip Spip 3.0.2
Spip Spip 3.0.14
Spip Spip 3.0.15
Spip Spip 3.0.16
Spip Spip 3.0.17
Spip Spip 2.1.15
Spip Spip 2.1.14
Spip Spip 2.1.13
Spip Spip 2.1.12
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »