Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-43457
An issue in Service Provider Management System v.1.0 allows a remote malicious user to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.
Oretnom23 Service Provider Management System 1.0
9.8
CVSSv3
CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
Projectworlds Asset Management System Project In Php 1.0
1 Github repository
9.8
CVSSv3
CVE-2015-5467
web\ViewAction in Yii (aka Yii2) 2.x prior to 2.0.5 allows malicious users to execute any local .php file via a relative path in the view parameeter.
Yiiframework Yii
9.8
CVSSv3
CVE-2023-40619
phpPgAdmin 7.14.4 and previous versions is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to ...
Phppgadmin Project Phppgadmin
9.8
CVSSv3
CVE-2023-42359
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote malicious user to escalate privileges via the val-username parameter in /index.php.
Exam Form Submission In Php With Source Code Project Exam Form Submission In Php With Source Code 1.0
9.8
CVSSv3
CVE-2023-38912
SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote malicious user to execute arbitrary code via a crafted payload to the username parameter.
Superstorefinder Php Script 3.6
9.8
CVSSv3
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2023-41330
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an malicious user to gain remote code execution through PHAR deserialization. Version 1.4....
Knplabs Snappy
9.8
CVSSv3
CVE-2023-36076
SQL Injection vulnerability in smanga version 3.1.9 and previous versions, allows remote malicious users to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.
Pocketmanga Smanga
9.8
CVSSv3
CVE-2023-40759
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Restaurant Booking Script 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »