Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php - vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2024-2408
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/p...
Php Php
Fedoraproject Fedora 40
9.8
CVSSv3
CVE-2024-4577
In PHP versions 8.1.* prior to 8.1.29, 8.2.* prior to 8.2.20, 8.3.* prior to 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API ...
Php Php
Fedoraproject Fedora 39
Fedoraproject Fedora 40
1 Metasploit module
35 Github repositories
2 Articles
8.8
CVSSv3
CVE-2024-5585
In PHP versions 8.1.* prior to 8.1.29, 8.2.* prior to 8.2.20, 8.3.* prior to 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the argumen...
Php Php
Fedoraproject Fedora 40
5.3
CVSSv3
CVE-2024-5458
In PHP versions 8.1.* prior to 8.1.29, 8.2.* prior to 8.2.20, 8.3.* prior to 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (usernam...
Php Php
Fedoraproject Fedora 40
NA
CVE-2024-36811
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
NA
CVE-2024-30162
Invision Community up to and including 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/i...
NA
CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin prior to 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form
NA
CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
6.1
CVSSv3
CVE-2024-5673
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their br...
Dulldusk Phpfilemanager 1.7.8
5.4
CVSSv3
CVE-2024-2017
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »