SQL injection vulnerabilities and exploits

7.5
CVSSv2
CVE-2015-5243

phpWhois allows remote attackers to execute arbitrary code via a crafted whois record....

Phpwhois
6.5
CVSSv2
CVE-2017-10993

Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal....

Contao, Contao Cms
6.8
CVSSv2
CVE-2018-1000888

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a...

Php, Pear Archive Tar, Canonical, Ubuntu Linux, Debian, Debian Linux
6.8
CVSSv2
CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack....

Phpmailer Project, Phpmailer, Debian, Debian Linux
6.8
CVSSv2
CVE-2018-19277

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

Phpspreadsheet Project, Phpspreadsheet
7.5
CVSSv2
CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external...

Phpunit Project, Phpunit
NA
CVE-2019-12246

PHP Security Advisories Database The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues, it is not authoritative for any...

5
CVSSv2
CVE-2018-13982

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read...

Smarty
7.5
CVSSv2
CVE-2019-9194

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector....

Std42, Elfinder
7.5
CVSSv2
CVE-2016-10074

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1)...

Swiftmailer