Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
code injection vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2015-7712
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and previous versions allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
Atutor Atutor
7.5
CVSSv2
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Apache Shenyu 2.4.0
Apache Shenyu 2.4.1
6.5
CVSSv2
CVE-2021-27230
ExpressionEngine prior to 5.4.2 and 6.x prior to 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
Expressionengine Expressionengine
6
CVSSv2
CVE-2011-4558
Tiki 8.2 and previous versions allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
Tiki Tiki
1 EDB exploit
7.5
CVSSv2
CVE-2013-1349
Eval injection vulnerability in ajax.php in openSIS 4.5 up to and including 5.2 allows remote malicious users to execute arbitrary PHP code via the modname parameter.
Os4ed Opensis 4.6
Os4ed Opensis 4.5
Os4ed Opensis 4.8.1
Os4ed Opensis 4.7
Os4ed Opensis 5.2
Os4ed Opensis 5.1
Os4ed Opensis 5.0
Os4ed Opensis 4.9
Os4ed Opensis 4.8
1 EDB exploit
4.3
CVSSv2
CVE-2003-0495
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote malicious users to insert arbitrary web script via a news item.
Ledscripts.com Lednews 0.7
1 EDB exploit
3.5
CVSSv2
CVE-2007-1947
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension prior to 1.04 for Mozilla Firefox allows remote malicious users to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the...
Parakey Inc. Firebug
1 EDB exploit
7.5
CVSSv2
CVE-2002-1481
savesettings.php in phpGB 1.20 and previous versions does not require authentication, which allows remote malicious users to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
Phpgb Phpgb 1.10
Phpgb Phpgb 1.20
1 EDB exploit
5
CVSSv2
CVE-2006-4979
Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and previous versions allows remote malicious users to inject arbitrary PHP code in config.inc.php via modified configuration settings.
Walter Beschmout Phpquiz
1 EDB exploit
7.5
CVSSv2
CVE-2012-5231
miniCMS 1.0 and 2.0 allows remote malicious users to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing f...
Jessgramp Minicms 1.0
Jessgramp Minicms 2.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »