Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-36132
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
Phpjabbers Availability Booking Calendar 5.0
9.8
CVSSv3
CVE-2023-36134
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote malicious users to take over accounts.
Phpjabbers Class Scheduling System 1.0
9.8
CVSSv3
CVE-2023-33561
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.
Phpjabbers Time Slots Booking Calendar 3.3
9.8
CVSSv3
CVE-2023-33562
User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an malicious user to determine if the user is valid or not, enabling a brute force attack with valid users.
Phpjabbers Time Slots Booking Calendar 3.3
9.8
CVSSv3
CVE-2023-3806
A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely....
House Rental And Property Listing Php Project House Rental And Property Listing Php 1.0
9.8
CVSSv3
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms 5.7.109
9.8
CVSSv3
CVE-2023-37629
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."
Simple Online Piggery Management System Project Simple Online Piggery Management System 1.0
1 Github repository
9.8
CVSSv3
CVE-2023-36994
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an malicious user to overwrite the server configuration and inject PHP code.
Travianz Project Travianz 8.3.4
Travianz Project Travianz 8.3.3
9.8
CVSSv3
CVE-2020-22153
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote malicious user to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
Thedaylightstudio Fuel Cms 1.4.6
9.8
CVSSv3
CVE-2020-18432
File Upload vulnerability in SEMCMS PHP 3.7 allows remote malicious users to upload arbitrary files and gain escalated privileges.
Sem-cms Semcms 3.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »