Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-38912
SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote malicious user to execute arbitrary code via a crafted payload to the username parameter.
Superstorefinder Php Script 3.6
9.8
CVSSv3
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2023-41330
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an malicious user to gain remote code execution through PHAR deserialization. Version 1.4....
Knplabs Snappy
9.8
CVSSv3
CVE-2023-36076
SQL Injection vulnerability in smanga version 3.1.9 and previous versions, allows remote malicious users to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.
Pocketmanga Smanga
9.8
CVSSv3
CVE-2023-40759
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Restaurant Booking Script 3.0
9.8
CVSSv3
CVE-2023-40760
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Hotel Booking System 4.0
9.8
CVSSv3
CVE-2023-40764
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Car Rental Script 3.0
9.8
CVSSv3
CVE-2023-4542
A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack ...
Dlink Dar-8000-10 Firmware
1 Github repository
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
9.8
CVSSv3
CVE-2023-40174
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a use...
Fobybus Social-media-skeleton
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »