Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30980
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows malicious users to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page.
NA
CVE-2024-30981
SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows malicious users to run arbitrary SQL commands via editid in the application URL.
NA
CVE-2024-30983
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows malicious users to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file.
NA
CVE-2024-3804
A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload....
NA
CVE-2024-28556
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote malicious users to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php.
NA
CVE-2024-28557
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote malicious users to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.
NA
CVE-2023-48710
iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The `pages/exec....
NA
CVE-2024-3706
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an malicious user to view a php backup file (controlaccess.php-LAST) where database credentials are stored.
NA
CVE-2024-3707
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an malicious user to enumerate all files in the web tree by accessing a php file.
NA
CVE-2024-3054
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »