Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-40760
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Hotel Booking System 4.0
9.8
CVSSv3
CVE-2023-40764
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Car Rental Script 3.0
9.8
CVSSv3
CVE-2023-4542
A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack ...
Dlink Dar-8000-10 Firmware
1 Github repository
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
9.8
CVSSv3
CVE-2023-40174
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a use...
Fobybus Social-media-skeleton
9.8
CVSSv3
CVE-2023-36845
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based malicious user to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modi...
Juniper Junos
Juniper Junos 20.4
Juniper Junos 21.1
Juniper Junos 21.2
Juniper Junos 21.3
Juniper Junos 21.4
Juniper Junos 22.1
Juniper Junos 22.2
Juniper Junos 22.3
Juniper Junos 22.4
20 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated malicious users to include and execute arbitrary remote code on the server, provided that allow_url_...
Canto Canto
2 Github repositories
9.8
CVSSv3
CVE-2023-3824
In PHP version 8.0.* prior to 8.0.30, 8.1.* prior to 8.1.22, and 8.2.* prior to 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Php Php
Fedoraproject Fedora 38
Debian Debian Linux 10.0
6 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-37682
Judging Management System v1.0 exists to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.
Judging Management System Project Judging Management System 1.0
9.8
CVSSv3
CVE-2023-33367
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated malicious users to write PHP files on the server's root directory, resulting in remote code execution.
Assaabloy Control Id Idsecure
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »