Vulmon
php vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
Qdpm Qdpm 9.2
9.8
CVSSv3
CVE-2023-44974
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Emlog Emlog 2.2.0
1 Github repository
9.8
CVSSv3
CVE-2023-44973
An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Emlog Emlog 2.2.0
9.8
CVSSv3
CVE-2023-5053
Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection.
Projectworlds Hospital Management System In Php 2018-06-17
9.8
CVSSv3
CVE-2023-5004
Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection.
Projectworlds Hospital Management System In Php 2018-06-17
9.8
CVSSv3
CVE-2023-43154
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
Macs Cms Project Macs Cms 1.1.4f
2 Github repositories
9.8
CVSSv3
CVE-2023-43457
An issue in Service Provider Management System v.1.0 allows a remote malicious user to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.
Oretnom23 Service Provider Management System 1.0
9.8
CVSSv3
CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
Projectworlds Asset Management System Project In Php 1.0
1 Github repository
9.8
CVSSv3
CVE-2015-5467
web\ViewAction in Yii (aka Yii2) 2.x prior to 2.0.5 allows malicious users to execute any local .php file via a relative path in the view parameter.
Yiiframework Yii
9.8
CVSSv3
CVE-2023-40619
phpPgAdmin 7.14.4 and previous versions are vulnerable to deserialization of untrusted data, which may lead to remote code execution because user-controlled data is passed directly to the PHP 'unserialize()' function in multiple places. An example is the functionality to ...
Phppgadmin Project Phppgadmin