Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php web scripts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24041
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.
Remyandrade Travel Journal Using Php And Mysql With Source Code 1.0
NA
CVE-2024-24945
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php.
Remyandrade Travel Journal Using Php And Mysql With Source Code 1.0
7.5
CVSSv2
CVE-2003-1251
The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote malicious users to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the cod...
Nx N X Web Content Management System 2002 Prerelease1
2 EDB exploits
5
CVSSv2
CVE-2013-7345
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file prior to 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via a crafted ASCII file that t...
Christos Zoulas File
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
4.3
CVSSv2
CVE-2009-2889
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote malicious users to inject arbitrary web script or HTML via the letters parameter.
Phpscriptsnow Hangman -
1 EDB exploit
4.3
CVSSv2
CVE-2009-2890
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote malicious users to inject arbitrary web script or HTML via the searchquery parameter.
Phpscriptsnow Riddles -
1 EDB exploit
4.3
CVSSv2
CVE-2009-2884
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote malicious users to inject arbitrary web script or HTML via the rank parameter.
Phpscriptsnow World\\'s Tallest Buildings -
1 EDB exploit
7.5
CVSSv2
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x prior to 2.11.9.5 and 3.x prior to 3.1.3.1 allows remote malicious users to inject arbitrary PHP code into a configuration file via the save action.
Phpmyadmin Phpmyadmin
Phpmyadmin Phpmyadmin 2.11.9.4
Phpmyadmin Phpmyadmin 2.11.9.2
Phpmyadmin Phpmyadmin 2.11.6
Phpmyadmin Phpmyadmin 2.11.6.0
Phpmyadmin Phpmyadmin 2.11.4
Phpmyadmin Phpmyadmin 2.11.1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 3.1.1
Phpmyadmin Phpmyadmin 2.11.9
Phpmyadmin Phpmyadmin 2.11.8
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.3
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.2.1
Phpmyadmin Phpmyadmin 2.11.0
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 2.11.5
3 EDB exploits
2 Github repositories
6
CVSSv2
CVE-2015-3640
phpMyBackupPro 2.5 and previous versions does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scr...
Phpmybackuppro Phpmybackuppro
5
CVSSv2
CVE-2018-16454
PHP Scripts Mall Currency Converter Script 2.0.5 allows remote malicious users to cause a denial of service (web-interface change) via an inverted comma.
Currency Converter Script Project Currency Converter Script 2.0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »