Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2008-0743
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the hlp parameter.
Joovili Joovili
1 EDB exploit
1000
VMScore
CVE-2008-0148
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote malicious users to execute arbitrary shell commands via the cmd parameter in a direct request.
Tutos Tutos 1.3
1 EDB exploit
1000
VMScore
CVE-2007-5452
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote malicious users to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
Php-stats Php-stats 0.1.9.2
1 EDB exploit
1000
VMScore
CVE-2007-4338
index.php in Ryan Haudenschilt Family Connections (FCMS) prior to 0.9 allows remote malicious users to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code i...
Haudenschilt Family Connections Cms 0.1.1
Haudenschilt Family Connections Cms 0.1.2
Haudenschilt Family Connections Cms 0.5
Haudenschilt Family Connections Cms 0.6
Haudenschilt Family Connections Cms
1 EDB exploit
1000
VMScore
CVE-2007-3980
PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote malicious users to execute arbitrary PHP code via a URL in the id parameter.
Rcms Pro Rgamescript Pro 0
1 EDB exploit
1000
VMScore
CVE-2007-3270
PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote malicious users to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.
Phpmyinventory Phpmyinventory 2.8
1 EDB exploit
1000
VMScore
CVE-2007-2985
Pheap 2.0 allows remote malicious users to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arb...
Pheap Pheap 2.0
1 EDB exploit
1000
VMScore
CVE-2007-0448
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent malicious users to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
Php Php 5.2.0
1 EDB exploit
1000
VMScore
CVE-2007-2736
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the config_atkroot parameter.
Achievo Achievo 1.1.0
1 EDB exploit
1000
VMScore
CVE-2007-2503
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party ...
Php Turbulence Php Turbulence 0.0.1 Alpha
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »