Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php group vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2008-1074
PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote malicious users to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.
Group E Group E 1.6.41
1 EDB exploit
10
CVSSv2
CVE-2005-2149
config.php in Cacti 0.8.6e and previous versions allows remote malicious users to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
The Cacti Group Cacti 0.8.2
The Cacti Group Cacti 0.8.2a
The Cacti Group Cacti 0.8.6a
The Cacti Group Cacti 0.8.6b
The Cacti Group Cacti 0.8.4
The Cacti Group Cacti 0.8.5
The Cacti Group Cacti 0.8.6e
The Cacti Group Cacti 0.8.3
The Cacti Group Cacti 0.8.3a
The Cacti Group Cacti 0.8.6c
The Cacti Group Cacti 0.8.6d
The Cacti Group Cacti 0.8
The Cacti Group Cacti 0.8.1
The Cacti Group Cacti 0.8.5a
The Cacti Group Cacti 0.8.6
7.5
CVSSv2
CVE-2005-2148
Cacti 0.8.6e and previous versions does not perform proper input validation to protect against common attacks, which allows remote malicious users to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in ...
The Cacti Group Cacti 0.8.2a
The Cacti Group Cacti 0.8.3
The Cacti Group Cacti 0.8.1
The Cacti Group Cacti 0.8.2
The Cacti Group Cacti 0.8.6
The Cacti Group Cacti 0.8.6a
The Cacti Group Cacti 0.8.3a
The Cacti Group Cacti 0.8.4
The Cacti Group Cacti 0.8.6e
The Cacti Group Cacti 0.8.6b
The Cacti Group Cacti 0.8.6c
The Cacti Group Cacti 0.8.6d
The Cacti Group Cacti 0.8
The Cacti Group Cacti 0.8.5
The Cacti Group Cacti 0.8.5a
6.8
CVSSv2
CVE-2006-2245
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Phpbb Group Phpbb-auction 1.3m
Phpbb Group Phpbb-auction 1.0m
Phpbb Group Phpbb-auction 1.2m
1 EDB exploit
7.5
CVSSv2
CVE-2006-3851
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the old_prefix parameter.
X7 Group X7 Chat 2.0
X7 Group X7 Chat 2.0.2
X7 Group X7 Chat 2.0.4
1 EDB exploit
7.5
CVSSv2
CVE-2005-2086
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and previous versions allows remote malicious users to execute arbitrary PHP code.
Phpbb Group Phpbb 2.0.15
2 EDB exploits
7.5
CVSSv2
CVE-2006-3940
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote malicious users to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-123...
Phpbb Group Phpbb-auction 1.3m
Phpbb Group Phpbb-auction 1.0m
Phpbb Group Phpbb-auction 1.2m
2 EDB exploits
7.5
CVSSv2
CVE-2006-3221
SQL injection vulnerability in index.php in DataLife Engine 4.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
Softnews Media Group Datalife Engine
2 EDB exploits
4.3
CVSSv2
CVE-2006-3049
Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote malicious users to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile ...
Mole Group Ticket Booking Script Mole Group Ticket Booking Script
5
CVSSv2
CVE-2005-1235
auction_my_auctions.php in phpbb-Auction 1.2m and previous versions allows remote malicious users to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message.
Phpbb Group Phpbb-auction 1.0m
Phpbb Group Phpbb-auction 1.2m
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »