National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,592 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-16644

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.

Published: September 20, 2019; 12:15:13 PM -04:00
(not available)
CVE-2015-9408

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9407

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9401

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
(not available)
CVE-2015-9400

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
(not available)
CVE-2015-9399

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
(not available)
CVE-2015-9398

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
(not available)
CVE-2015-9397

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
(not available)
CVE-2015-9396

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.

Published: September 20, 2019; 12:15:11 PM -04:00
(not available)
CVE-2015-9394

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

Published: September 20, 2019; 12:15:11 PM -04:00
(not available)
CVE-2019-16642

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.

Published: September 20, 2019; 11:15:14 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-11013

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-11005

The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10999

The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10998

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10997

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9388

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9387

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2019-15089

An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.

Published: September 20, 2019; 10:15:12 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15088

An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)