Vulmon
php web scripts vulnerabilities and exploits
NA
CVE-2023-24233
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.
Inventory Management System Project Inventory Management System 1.0
5.1
CVSSv2
CVE-2006-5931
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2...
Aigaion Aigaion 1.2.1
7.5
CVSSv2
CVE-2007-2609
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote malicious users to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR ...
Gnuedu Gnu Edu 1.3b2
1 EDB exploit
4.3
CVSSv2
CVE-2015-6584
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and previous versions for jQuery allows remote malicious users to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
Sprymedia Datatables
7.5
CVSSv2
CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and previous versions (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote malicious users to execute arbitrary PHP code via certain nested XML t...
Gggeek Phpxmlrpc
Debian Debian Linux 3.1
6.5
CVSSv2
CVE-2021-40845
The web part of Zenitel AlphaCom XE Audio Server up to and including 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code und...
Zenitel Alphacom Xe Audio Server
1 Github repository
NA
CVE-2024-0658
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. Th...
4.3
CVSSv2
CVE-2006-1082
Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissi...
Phparcadescript Phparcadescript 2.0
NA
CVE-2022-39284
CodeIgniter is a PHP full-stack web framework. In versions before 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be no...
Codeigniter Codeigniter
NA
CVE-2024-3729
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated malicious users to manipulate the...