Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php group vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-24708
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions before 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group na...
Anuko Time Tracker
7.2
CVSSv2
CVE-2019-1604
A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local malicious user to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associate...
Cisco Nx-os
6.5
CVSSv2
CVE-2018-1000502
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be e...
Mybb Mybb
4.3
CVSSv2
CVE-2003-1307
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the...
Apache Http Server 2.0.42
Apache Http Server 2.0.47
Apache Http Server 2.0.28
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.32
Apache Http Server 2.0.44
Apache Http Server 2.0.34
Apache Http Server 2.0.39
Apache Http Server 2.0.46
Apache Http Server 2.0.41
Apache Http Server 2.0.9
Apache Http Server 2.0.38
Apache Http Server 2.0.48
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.43
Apache Http Server 2.0
2 EDB exploits
2 Github repositories
6.5
CVSSv2
CVE-2018-14911
A file upload vulnerability exists in ukcms v1.1.7 and previous versions. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html t...
Ukcms Ukcms
6.8
CVSSv2
CVE-2007-5146
Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote malicious users to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) fron...
Der Dirigent Der Dirigent 1.0
9
CVSSv2
CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demon...
Zohocorp Manageengine Firewall Analyzer 12.2
6.5
CVSSv2
CVE-2020-35625
An issue exists in the Widgets extension for MediaWiki up to and including 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smart...
Mediawiki Mediawiki
NA
CVE-2023-48295
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been a...
Librenms Librenms
6.5
CVSSv2
CVE-2020-13443
ExpressionEngine prior to 5.3.2 allows remote malicious users to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type chec...
Expressionengine Expressionengine
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »