Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php 3.0.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-4413
Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.
Headstart Solutions Deskpro 3.0.2
7.5
CVSSv3
CVE-2019-13464
An issue exists in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
Modsecurity Owasp Modsecurity Core Rule Set 3.0.2
NA
CVE-2011-3723
Crafty Syntax 3.0.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files.
Craftysyntax Crafty Syntax 3.0.2
NA
CVE-2008-6502
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1)...
Prochatrooms Pro Chat Rooms 3.0.2
1 EDB exploit
5.4
CVSSv3
CVE-2018-6868
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.
Groupon Clone Script Project Groupon Clone Script 3.0.2
NA
CVE-2012-4343
Multiple unspecified vulnerabilities in Gallery 3 prior to 3.0.4 allow malicious users to execute arbitrary PHP code via unknown vectors.
Menalto Gallery 3.0.2
Menalto Gallery 3.0
Menalto Gallery 3.0.1
Menalto Gallery
NA
CVE-2005-0429
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 up to and including 3.0.4, when showforumusers is enabled, allows remote malicious users to execute inject arbitrary PHP commands via the comma parameter.
Jelsoft Vbulletin 3.0
Jelsoft Vbulletin 3.0.1
Jelsoft Vbulletin 3.0.2
Jelsoft Vbulletin 3.0.3
Jelsoft Vbulletin 3.0.4
2 EDB exploits
NA
CVE-2006-4004
Directory traversal vulnerability in index.php in vbPortal 3.0.2 up to and including 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstra...
Vbportal Vbportal 3.0.2
Vbportal Vbportal 3.5.0 Beta 2
Vbportal Vbportal 3.5.0 Beta 3
Vbportal Vbportal 3.5.0 Gold
Vbportal Vbportal 3.6.0 Beta 1
1 EDB exploit
NA
CVE-2010-0983
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.
Utilo Rezervi
1 EDB exploit
NA
CVE-2006-4630
PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the my_ms[root] parameter.
Sky Gunning Myspeach
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »