National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,391 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Published: August 17, 2019; 02:15:10 PM -04:00
(not available)

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.

Published: August 17, 2019; 01:15:10 PM -04:00
(not available)

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

Published: August 16, 2019; 09:15:11 AM -04:00
(not available)

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.

Published: August 15, 2019; 05:15:11 PM -04:00
(not available)

An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside.

Published: August 15, 2019; 01:15:13 PM -04:00
(not available)

The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.

Published: August 15, 2019; 12:15:12 PM -04:00
(not available)

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

Published: August 15, 2019; 12:15:12 PM -04:00
(not available)

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.

Published: August 15, 2019; 12:15:12 PM -04:00
(not available)

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.

Published: August 15, 2019; 12:15:11 PM -04:00
(not available)

The FV Flowplayer Video Player plugin before for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.

Published: August 15, 2019; 11:15:15 AM -04:00
(not available)

The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.

Published: August 15, 2019; 11:15:14 AM -04:00
(not available)

The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,

Published: August 15, 2019; 11:15:14 AM -04:00
(not available)

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)

Published: August 14, 2019; 07:15:10 PM -04:00
(not available)

An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.

Published: August 14, 2019; 05:15:13 PM -04:00
(not available)

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

Published: August 14, 2019; 04:15:11 PM -04:00
(not available)

The wp-fastest-cache plugin before for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.

Published: August 14, 2019; 11:15:11 AM -04:00
(not available)

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.

Published: August 13, 2019; 10:15:12 AM -04:00
(not available)

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions.

Published: August 13, 2019; 12:15:12 AM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.

Published: August 12, 2019; 06:15:11 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

Published: August 12, 2019; 02:15:12 PM -04:00
V2: 7.5 HIGH