Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4307
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an malicious user to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards...
NA
CVE-2024-4309
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an malicious user to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1,/user/view_trans...
NA
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.
NA
CVE-2024-1874
In PHP versions 8.1.* prior to 8.1.28, 8.2.* prior to 8.2.18, 8.3.* prior to 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that woul...
1 Github repository
NA
CVE-2024-3096
In PHP version 8.1.* prior to 8.1.28, 8.2.* prior to 8.2.18, 8.3.* prior to 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
1 Github repository
NA
CVE-2024-2756
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
NA
CVE-2024-2757
In PHP 8.3.* prior to 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
NA
CVE-2024-28613
SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote malicious user to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component.
NA
CVE-2024-32480
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions before 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and con...
NA
CVE-2024-32461
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vul...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »