Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.4 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2002-0229
Safe Mode feature (safe_mode) in PHP 3.0 up to and including 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
Php Php 3.0.13
Php Php 3.0.16
Php Php 3.0.8
Php Php 3.0.9
Php Php 4.1.0
Php Php 4.1.2
Php Php 3.0.1
Php Php 3.0.10
Php Php 3.0.4
Php Php 3.0.5
Php Php 4.0.3
Php Php 4.0.4
Php Php 3.0.11
Php Php 3.0.12
Php Php 3.0.6
Php Php 3.0.7
Php Php 4.0.5
Php Php 4.0.6
Php Php 3.0
Php Php 3.0.2
Php Php 3.0.3
Php Php 4.0
3 EDB exploits
6.8
CVSSv2
CVE-2010-4697
Use-after-free vulnerability in the Zend engine in PHP prior to 5.2.15 and 5.3.x prior to 5.3.4 might allow context-dependent malicious users to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset...
Php Php 5.2.0
Php Php 5.2.7
Php Php 5.2.8
Php Php 5.1.3
Php Php 5.1.2
Php Php 5.0.0
Php Php 5.0.2
Php Php 5.0.3
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.2.3
Php Php 4.3.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.4.2
Php Php 5.2.3
Php Php 5.2.4
Php Php 5.2.11
Php Php 5.2.12
Php Php 5.1.6
6.8
CVSSv2
CVE-2009-5016
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP prior to 5.2.11 makes it easier for remote malicious users to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vul...
Php Php 5.0.0
Php Php 5.1.1
Php Php 5.1.2
Php Php
Php Php 4.0
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.1.2
Php Php 4.3.0
Php Php 4.3.5
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.4.4
Php Php 4.4.5
Php Php 3.0.13
Php Php 3.0.12
Php Php 3.0.14
Php Php 5.0.4
Php Php 5.0.5
Php Php 5.1.5
Php Php 5.1.6
Php Php 4.0.2
6.8
CVSSv2
CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP prior to 5.2.12 and 5.3.x prior to 5.3.1 allows context-dependent malicious users to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Php Php 2.0
Php Php 2.0b10
Php Php 3.0.15
Php Php 3.0.16
Php Php 3.0.6
Php Php 3.0.7
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.2
Php Php 4.3.7
Php Php 5.2.5
Php Php 5.2.6
Php Php 3.0.10
Php Php 3.0.11
Php Php 3.0.2
Php Php 3.0.3
Php Php 4.0.0
Php Php 4.0.7
6.8
CVSSv2
CVE-2006-5048
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and previous versions for Joomla! allow remote malicious users to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang...
Waltercedric Com Securityimages
Waltercedric Com Securityimages 2.2.5
Waltercedric Com Securityimages 2.2.6
Waltercedric Com Securityimages 3.00
Waltercedric Com Securityimages 3.0.3
Waltercedric Com Securityimages 3.0.4
1 EDB exploit
6.5
CVSSv2
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
Monstra Monstra 3.0.4
6.5
CVSSv2
CVE-2018-17418
Monstra CMS 3.0.4 allows remote malicious users to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
Monstra Monstra 3.0.4
6.5
CVSSv2
CVE-2018-15886
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows malicious users to execute arbitrary PHP code by placing this code after a <?php su...
Monstra Monstra 3.0.4
6.5
CVSSv2
CVE-2018-9037
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
Monstra Monstra 3.0.4
6.5
CVSSv2
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »