Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php live php live vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2008-7151
Cross-site request forgery (CSRF) vulnerability in Live 5.x prior to 5.x-0.1, a module for Drupal, allows remote malicious users to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.
Gurpartap Singh Live 5.x-1.x-dev
760
VMScore
CVE-2008-0821
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote malicious users to execute arbitrary SQL commands via the questid parameter in an expand_question action.
Osi Codes Inc. Phplive 3.2.2
2 EDB exploits
755
VMScore
CVE-2009-3062
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote malicious users to execute arbitrary SQL commands via the deptid parameter.
Phplivesupport. Phplive! 3.3
1 EDB exploit
668
VMScore
CVE-2020-8519
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Phpzag Phpzag -
668
VMScore
CVE-2020-8520
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Phpzag Phpzag -
668
VMScore
CVE-2020-8521
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Phpzag Phpzag -
312
VMScore
CVE-2020-23983
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags.
Ichat Project Ichat 1.6
312
VMScore
CVE-2021-26938
A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the PHP version running on this hosts
Henriquedornas Henriquedornas 5.2.17
607
VMScore
CVE-2021-25094
The Tatsu WordPress plugin prior to 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this c...
Brandexponents Tatsu
6 Github repositories
455
VMScore
CVE-2007-3060
Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name]...
Osi Codes Inc. Phplive 3.2.2
5 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3