Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php php - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-36811
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
NA
CVE-2024-30162
Invision Community up to and including 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/i...
NA
CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin prior to 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form
NA
CVE-2024-5458
PHP security releases 8.3.8, 8.2.20, and 8.1.29
NA
CVE-2024-5585
PHP security releases 8.3.8, 8.2.20, and 8.1.29
NA
CVE-2024-4577
PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI Overview This repository contains scripts to check for the CVE-2024-4577 vulnerability, an argument injection issue in PHP-CGI. You can use the provided Bash, Go, and Python scripts to test a list of domains for this vulner...
17 Github repositories
1 Article
NA
CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
NA
CVE-2024-5673
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their br...
NA
CVE-2024-2017
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible...
NA
CVE-2024-5179
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-leve...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »