Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php group php vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-26254
WoWonder The Ultimate PHP Social Network Platform v4.0.0 exists to contain an access control issue which allows unauthenticated malicious users to arbitrarily change group ID names.
Wowonder Wowonder 4.0
4.3
CVSSv2
CVE-2003-1307
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the...
Apache Http Server 2.0.42
Apache Http Server 2.0.47
Apache Http Server 2.0.28
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.32
Apache Http Server 2.0.44
Apache Http Server 2.0.34
Apache Http Server 2.0.39
Apache Http Server 2.0.46
Apache Http Server 2.0.41
Apache Http Server 2.0.9
Apache Http Server 2.0.38
Apache Http Server 2.0.48
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.43
Apache Http Server 2.0
2 EDB exploits
2 Github repositories
6.5
CVSSv2
CVE-2018-1000502
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be e...
Mybb Mybb
6.8
CVSSv2
CVE-2007-5146
Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote malicious users to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) fron...
Der Dirigent Der Dirigent 1.0
3.5
CVSSv2
CVE-2022-24708
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions before 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group na...
Anuko Time Tracker
9
CVSSv2
CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demon...
Zohocorp Manageengine Firewall Analyzer 12.2
5
CVSSv2
CVE-2017-3883
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote malicious user to cause an affected device to reload. The vulnerability...
Cisco Firepower Extensible Operating System
Cisco Fxos 2.3
Cisco Nx-os 5.2
Cisco Nx-os 6.2
Cisco Nx-os 6.3
Cisco Nx-os 7.3
Cisco Nx-os 8.1
Cisco Nx-os 8.2
Cisco Nx-os
Cisco Nx-os 7.0
Cisco Nx-os 7.0\\(3\\)i3\\(1\\)
Cisco Nx-os 7.1\\(0.1\\)
Cisco Nx-os 6.1
Cisco Nx-os 2.5
Cisco Nx-os 3.0
Cisco Nx-os 3.1
Cisco Nx-os 3.2
6.5
CVSSv2
CVE-2020-35625
An issue exists in the Widgets extension for MediaWiki up to and including 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smart...
Mediawiki Mediawiki
6.5
CVSSv2
CVE-2020-13443
ExpressionEngine prior to 5.3.2 allows remote malicious users to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type chec...
Expressionengine Expressionengine
NA
CVE-2023-48295
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been a...
Librenms Librenms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »