Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party
Php-fusion Php-fusion -
1 EDB exploit
1000
VMScore
CVE-2009-2111
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote malicious users to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.
Jnmsolutions Db Top Sites 1.0
1 EDB exploit
1000
VMScore
CVE-2009-1916
dig.php in GScripts.net DNS Tools allows remote malicious users to execute arbitrary commands via shell metacharacters in the ns parameter.
Gscripts Dns Tools
1 EDB exploit
1000
VMScore
CVE-2009-1669
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third...
Smarty Smarty 2.6.22
1 EDB exploit
1000
VMScore
CVE-2008-6761
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote malicious users to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting ad...
China-on-site Flexcustomer0.0.6
1 EDB exploit
1000
VMScore
CVE-2009-1361
dig.php in GScripts.net DNS Tools allows remote malicious users to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Gscripts Dns Tools
1 EDB exploit
1000
VMScore
CVE-2008-6651
Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote malicious users to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.
Oxyproject Oxybox 0.85
1 EDB exploit
1000
VMScore
CVE-2009-0517
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and previous versions allows remote malicious users to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: so...
Phpslash Phpslash 0.7.2
Phpslash Phpslash 0.7.1
Phpslash Phpslash 0.6.1
Phpslash Phpslash 0.8.1
Phpslash Phpslash 065
Phpslash Phpslash 0.6
Phpslash Phpslash
Phpslash Phpslash 0.5.3.2
Phpslash Phpslash 0.6.2
Phpslash Phpslash 0.61
Phpslash Phpslash 0.8.0
1 EDB exploit
1000
VMScore
CVE-2008-5963
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and previous versions allows remote malicious users to execute arbitrary PHP code via the objectname parameter.
Gravity-gtd Gravity-gtd 0.4
Gravity-gtd Gravity-gtd
Gravity-gtd Gravity-gtd 0.3
Gravity-gtd Gravity-gtd 0.2
1 EDB exploit
1000
VMScore
CVE-2008-5332
Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and o...
Pie Pie 0.5.3
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »